LAPD cyber breach exposes 337,000 case files, alarms victims and investigators

A 7.7-terabyte leak of 337,000 LAPD-related files raised immediate alarms because it could do more than expose paperwork. The material reportedly included witness names, arrest records, complaints, Internal Affairs investigations, use-of-force histories, personnel files, and medical data, the kind of information that can identify vulnerable witnesses, expose complainants, and tip off people tied to open or sensitive cases.

City officials said the unauthorized access happened on March 20, 2026, inside a third-party digital storage system used by the Los Angeles City Attorney’s Office to transfer discovery materials to opposing counsel and litigants. The breach was first disclosed publicly on April 8, 2026. LAPD said its own networks and systems were not affected, but the department said it was still working with the City Attorney’s Office to understand the full scope of what was exposed.

The security failure matters because the storage system was not a small archive. Sources familiar with the setup said it had expanded over time to hold records from hundreds of lawsuits involving the department, including previously adjudicated or settled civil litigation. It reportedly was not password-protected because officials believed outside attorneys and other parties needed access. That design left a wide opening for anyone who got in to map out the department’s litigation history, identify recurring allegations, and see which names kept coming up in complaint files and Internal Affairs records.

The City Attorney’s Office said it took immediate steps to secure the tool, reported the incident to law enforcement, and hired outside counsel and forensic support. Spokesperson Ivor Pine said the information was self-contained in the application and that no other city systems were impacted. Reporting also identified the extortion group WorldLeaks as the party claiming responsibility, and sources said some stolen material was briefly posted online before being removed.

The breach has quickly spilled into city politics. On April 10, 2026, the Los Angeles Police Protective League rescinded its endorsement of City Attorney Hydee Feldstein Soto, saying she had known about the breach since at least March 20 and did not disclose it during a March 25 meeting with the union’s Political Action Committee. The union said it learned of the breach from news reports and demanded that Feldstein Soto remove its logo from campaign materials. With hundreds of thousands of files now tied to LAPD litigation, the central fear is simple: the leak may have handed outsiders a roadmap to witnesses, victims, and investigators still at risk.