The Azusa Police Department is continuing Tuesday to assess the scope of a March ransomware attack that led to the release of information ranging from payroll files to investigative reports referencing confidential informants.
The department announced in a statement released last Thursday that it discovered March 9 that some of its computer systems were inaccessible. An investigation with other law enforcement partners and tech experts found that the department had been locked out as the result of a "sophisticated ransomware attack," and officials refused to pay any ransom, according to the department.
On April 27, investigators determined that the hackers had stolen information and by May 20, determined that the data may have included Social Security, driver's license and passport numbers, as well as financial and medical information, according to the police department.
Local news from across Southern California
However, the Los Angeles Times reported Monday that the breach was much broader, based on the newspaper's review of documents posted on a dark web site by ransomeware gang DoppelPaymer.
The Times said the records released online included payroll files, a spreadsheet of gang member contacts, crime scene and booking photos, and investigative reports citing confidential informants.
The index page detailing the police data has been visited more than 11,000 times since April, according to the newspaper.
Azusa police Capt. Christopher Grant told City News Service that investigators — including from the Los Angeles County Sheriff's Department and FBI — are still working to determine the full scope of the data in the hands of hackers.
Grant said he was limited in what he could say as law enforcement agencies work to bring someone to justice in the case.
"There's a lot I... can't discuss," Grant said.
He said that the attack hadn't affected the department's ability to keep Azusa safe.
"Our operations haven't been hindered at all by this," Grant said.
The U.S. Treasury Department has warned that hackers often target small-to-medium-sized businesses and local government agencies because they typically have fewer security protections in place.
Cybercriminals typically encrypt data, making systems unavailable to their owner, and demand payment, often in digital currency, in exchange for decrypting it and not releasing sensitive information publicly.
The Azusa Police Department said it was taking steps to enhance its security, while providing advice in its release for individuals whose data may have been compromised.
The FBI, which has provided assistance in the Azusa attack, has previously said it is aware of incidents in which DoppelPaymer has cold-called victims to coerce them into paying ransom demands. The police department did not say how the organization made contact.
Reported ransomware attacks increased by 37% and related losses jumped 147% from 2018 to 2019, according to the FBI's Internet Crime Report.
Paying such ransoms can result in civil penalties to the victim, according to an advisory released by the Treasury Department's Office of Foreign Assets Control last October.