How Did Thousands of Sensitive LAPD Files Get Leaked? City Officials Seek Explanation

The Los Angeles city attorney’s office disclosed that a third‑party server hosted an unprotected directory containing roughly 337,000 police‑related documents. The cache included raw body‑camera video, medical records, and confidential civil‑lawsuit files, many marked as privileged. Hackers first teased samples on the dark web on March 20 before releasing the full set on March 27, prompting a rapid takedown that lasted only eight hours. An internal audit showed the link was clicked more than 5,000 times on the first day, suggesting a simple credential‑leak rather than a sophisticated intrusion.

The fallout has quickly become a political flashpoint. City Attorney Hydee Feldstein Soto, who is seeking re‑election, lost the endorsement of the LAPD rank‑and‑file union after lawmakers accused her office of withholding critical details. Councilmember Ysabel Jurado demanded a full briefing, noting that senior officials were not notified promptly. The city’s public‑records reform efforts, already controversial, are now under scrutiny as the breach exposed documents that could revive old misconduct lawsuits. An FBI probe adds a federal dimension, while the city promises to notify affected individuals without “unreasonable delay.”

The incident underscores a broader shift in cyber risk for municipal agencies. According to the Identity Theft Resource Center, government‑targeted hacks rose to 165 in 2025, driven in part by AI‑powered tools that lower the barrier for opportunistic attackers. Unsecured internal links, like the one exploited in Los Angeles, are a common weak point that can be mitigated with multi‑factor authentication and regular access audits. As more public entities digitize sensitive records, experts warn that the cost of a breach now extends beyond immediate data loss to legal exposure, reputational damage, and electoral consequences.