A massive cache of Los Angeles Police Department records appears to have been stolen in a suspected hack of the Los Angeles City Attorney’s office, with portions of the material starting to surface online this week. The haul reportedly includes internal affairs documents and officer personnel files that, if authentic, could expose witness names, medical information and unredacted criminal complaints. The city and the LAPD have not yet issued public statements confirming the breach.
According to the Los Angeles Times, posts about the breach indicate roughly 7.7 terabytes of data and more than 337,000 files were made available for download. The Times reports that the trove includes investigative files turned over as part of court discovery, officer personnel records, and other highly sensitive material, and notes it was not immediately clear whether hackers had demanded a ransom.
What California law says
Under California law, most peace officer personnel records are treated as confidential, although recent reforms require disclosure of certain use-of-force and related records. Penal Code §832.7 spells out the categories that must be released and allows agencies to redact medical details, victim identities, and other sensitive information before anything becomes public.
How the files surfaced
Some of the files began popping up on social platforms, including X, and one of the earliest posts came from the account @WhosTheCop, the Los Angeles Times reports. The account’s administrator told the paper that a security researcher first disclosed the breach and that some of those early posts were later taken down.
Where the breach is believed to have happened
The leak is believed to have originated with the Office of the Los Angeles City Attorney in City Hall East, which lists its mailing address as 200 N. Main Street. The records involve the LAPD, whose headquarters and administrative offices are located in downtown Los Angeles at 100 W. First Street, according to the department’s website.
What’s next
If verified, the disclosure could trigger notification obligations, civil claims, and fresh scrutiny of how municipal offices handle sensitive law-enforcement material. Investigations of this scale typically pull in city cybersecurity teams along with federal cybercrime investigators, and privacy advocates say victims, witnesses, and officers should monitor for identity-theft risks while officials work to contain the damage.
