Hackers breach LAPD systems, leak confidential police records

Cybercriminals are believed to have obtained a large volume of sensitive internal documents linked to the Los Angeles Police Department and released them online.

The compromised files reportedly include personnel records of police officers, details of internal affairs investigations, and discovery documents. These discovery records may contain unredacted criminal complaints along with personal data such as witness identities and medical information, according to reporting by the Los Angeles Times.

Emma Best, founder of the transparency collective Distributed Denial of Secrets, which is hosting the leaked dataset, stated in an online post that the breach has been attributed to the extortion group World Leaks.

Best explained that she was able to examine portions of the data when it briefly appeared — and was later removed — from the group’s leak portal. Such portals are typically used by ransomware and extortion groups to pressure victims into paying by publicly exposing stolen information. It remains unclear why the dataset is no longer visible on the group’s website.

In an official statement, the LAPD confirmed it is investigating the incident. The department indicated that its own internal systems were not directly compromised. Instead, the breach appears to involve “a digital storage system” operated by the Los Angeles City Attorney’s Office.

The department added that it is coordinating with the City Attorney’s Office to review the affected files and determine the full extent of the exposure.

Under California law, many police personnel records are considered confidential. The Los Angeles Times noted that, if verified, the release would represent a major breach, given that such records are rarely made public.

The scale of the incident is substantial. Reports suggest that approximately 7.7 terabytes of data were exposed, comprising more than 337,000 individual files.

Ivor Pine, speaking on behalf of the City Attorney’s Office, said the breach stemmed from “unauthorised access to a third-party tool,” though no specific vendor was named. He added that the compromised information was isolated within that application and did not provide access to other departmental systems or records.

The group identified as responsible, World Leaks, began operations in January 2025 and is believed to be a rebranded version of the earlier cybercriminal outfit Hunters International. Since its emergence, it has targeted organisations across multiple sectors, including healthcare, manufacturing, and technology.

Cybersecurity firm Halcyon has previously noted that the group has demonstrated the ability to breach high-profile targets, including defence contractors and Fortune 500 companies.