165/69 Monday, March 23, 2026
The ransomware group WorldLeaks added the City of Los Angeles to its leak site on March 20, 2026, claiming it had stolen approximately 159.9 GB of data across 779 files. The group operates as a cybercriminal network focused on data exfiltration and extortion, pressuring victims to pay in exchange for not releasing stolen data publicly. WorldLeaks is reportedly a rebranded version of the Hunters International group, which shifted its operations in 2025 from file encryption to data theft and extortion.
At the same time, LA Metro disclosed that it had detected unauthorized activity within its internal computer systems, prompting restrictions on access to certain services. As a result, digital display boards at transit stations were unable to show real-time schedules properly. Passengers also experienced issues reloading TAP cards through online channels and customer service centers, and were advised to use ticket vending machines instead. Despite the disruption, train and bus services continued operating normally, and there is currently no evidence that customer or employee data has been compromised.
In a separate incident, the City of Foster City declared a state of emergency following a ransomware attack that disrupted multiple municipal services. While emergency services such as 911 remain operational, many digital services and internal systems are still offline as a precaution to prevent further damage. It is not yet clear whether attackers accessed or exfiltrated sensitive data. Authorities have advised individuals who have interacted or conducted transactions with the city to promptly change their passwords and take additional steps to protect their personal information.
Source https://securityaffairs.com/189753/data-breach/worldleaks-group-breached-the-city-of-los-angels.html