Article Details

LA housing authority confirms breach claimed by Cactus ransomware. The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirmed that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang. HACLA provides affordable public housing and assistance programs to low-income families, children, and seniors in Los Angeles, California. As a state-chartered public agency, it administers over 32,000 public housing units on an annual budget of over $1 billion. "We've been by affected an attack on our IT network. As soon as we became aware of this, we hired external forensic IT specialists to help us investigate and respond appropriately," a HACLA spokesperson told BleepingComputer. "Our systems remain operational, we're taking expert advice, and we remain committed to delivering important services for low income and vulnerable people in Los Angeles." The organization has yet to disclose when the attack was detected and if any sensitive data was exposed or stolen during the incident. While HACLA didn't reveal the nature of the cyberattack, the Cactus ransomware gang has claimed the breach, saying it allegedly stole 891 GB of files from the compromised network. Cactus claims this stolen data includes "personal Identifiable Information, actual database backups, financial documents, executives\employees personal data, customer personal information, corporate confidential data and correspondence," and has already published some screenshots of sensitive documents on its leak site as proof. The ransomware gang has also uploaded an archive containing allegedly stolen files to prove their claims. Cactus ransomware surfaced in March 2023 with double-extortion attacks and has since added over 260 companies to its dark web data leak site. Its operators breach corporate networks in partnerships with various malware distributors, using purchased credentials, phishing attacks, or exploiting security vulnerabilities in their targets' Internet-exposed systems. HACLA was also breached by the LockBit ransomware gang two years ago, as the organization disclosed in March 2023. The data breach notice revealed that the attackers had access to HACLA's systems for an entire year, between January 15, 2022, and December 31, 2022. Before encrypting devices on the breached network on December 31, 2022, the attackers had access to HACLA members' sensitive personal information, including (but not limited to) names, social security numbers, contact information, driver's licenses, credit card and financial account numbers, as well as their health insurance and medical information. The LockBit ransomware group leaked all stolen files on January 27, 2023, after the government agency refused to pay the ransom demanded by the cybercriminals.