The Los Angeles Police Department (LAPD) has been the victim of a data breach that includes names, email addresses, passwords, and birth dates for over 2,500 police officers and about 17,500 police officer applicants. According to the local media, the breach was discovered on July 25th, 2019. According to sources close to the situation, not all of the applicants made it past the application phase. In a statement released by the LAPD, they confirmed the breach and stated that they were working with the city to determine the scope of the breach. The city has notified those individuals affected and will provide them with further information as it comes in. A statement released by the mayor’s office stated that the breach occurred on an old database that was no longer being used by the personnel department and only had limited information. It is not currently known as to how the breach occurred or if the data is being sold on the dark web. The mayor’s office said that they are taking additional steps to guard against future events of this kind.
Organizations that have old, unused databases should either continue to actively monitor them for potential breaches or archive them and store them in a secure server that is not accessible to the normal internet. Employing a 24-hour monitoring service, such as the Binary Defense Security Operations Center will also help in detecting and mitigating breaches as they happen.