A suspected hacker claimed he or she had stolen the personal information of about 2,500 LAPD officers, trainees, and recruits, along with approximately 17,500 police officer applicants, in what may be a large breach of data held by the city of Los Angeles’ Personnel Department.
The city’s Information Technology Agency said it was contacted last week by someone who claimed to have accessed and downloaded the data, and the person offered some example files to show they actually had obtained the data, said agency General Manager Ted Ross.
“Out of an abundance of caution we’re applying extra layers of security around our personnel system and enhancing defenses,” Ross said. The affected officers, trainees, and applicants began to receive notifications over the weekend.
An email message to officers said that the department learned of a data breach that involved “some of your information contained within the Personnel Department’s Candidate Applicant Program.” The compromised data included the officers’ names, dates of birth, parts of their social security numbers, and the email addresses and passwords they set up when applying for the job, according to the message. Additional personal information may have been compromised. The LAPD told officers in the message they should monitor their personal financial accounts, get copies of their credit reports, and file a complaint with the Federal Trade Commission. The message did not include an explanation of how the breach happened, or if the city would provide credit monitoring or other services.
An LAPD spokesman said the department is taking steps to make sure its personnel data is safe. “Data security is paramount at the Los Angeles Police Department, and we are committed to protecting the privacy of anyone who is associated with our agency,” the spokesman said.
The officers’ union, the Los Angeles Police Protective League, said the breach is a serious security issue, and urged the city to investigate how it happened and improve data security.
“We also call upon the city to provide the necessary resources and assistance to any impacted officer who may become the victim of identity theft as a result of this negligence, so that they may restore their credit and/or financial standing,” the Protective League said.
Ross said the purported hacker claimed to have downloaded a “subset” of the city’s police officer applicant data, and additional work is being done by the ITA to learn the full scope of the potential theft.