Malware & Ransomware · HIGH

WorldLeaks Ransomware - Major Breach Hits Los Angeles Metro

Security Affairs
WorldLeaks · Los Angeles · ransomware · data breach · Foster City

Basically, a hacker group attacked Los Angeles, causing service disruptions.

Quick Summary

The WorldLeaks ransomware group has breached the City of Los Angeles, causing significant disruptions. Riders are facing issues with Metro services, while Bay Area cities declared emergencies. This incident underscores the urgent need for enhanced cybersecurity measures.

What Happened

On March 20, 2026, the WorldLeaks ransomware group launched a significant attack on the City of Los Angeles and its Metro system. This breach forced the transit agency to shut down access to its internal systems. Riders experienced issues with station arrival displays and online fund additions to TAP cards. Fortunately, rail and bus services continued to operate normally, and there were no reports of customer or employee data being compromised.

In a related incident, two cities in the Bay Area, including Foster City, declared emergencies after suffering similar ransomware attacks. These attacks disrupted municipal services, prompting city officials to seek external support and funding. While emergency services remained functional, many internal systems were taken offline to safeguard the network.

Who's Affected

The breach primarily impacts the Los Angeles Metro, affecting riders who rely on digital services for transit information and ticket purchases. Additionally, residents of Foster City are facing disruptions in municipal services, although emergency response remains intact. The situation raises concerns about the potential exposure of sensitive public information, prompting officials to advise residents to change passwords and protect their personal data.

The WorldLeaks group, previously known as Hunters International, has been active since 2025. It has a history of targeting organizations with extortion tactics, threatening to leak stolen data if its demands are not met. The group has claimed responsibility for numerous attacks, and this latest incident adds the City of Los Angeles to its growing list of victims.

What Data Was Exposed

According to reports, the WorldLeaks group claims to have stolen 159.9 GB of data, consisting of 779 files from the City of Los Angeles. While it remains unclear if sensitive data was accessed or copied, the potential for public information exposure is a significant concern. The group’s focus on extortion means they may leverage this data to pressure the city into compliance with their demands.

In Foster City, officials are still investigating the extent of the breach and whether any sensitive data was compromised. As a precautionary measure, they have urged anyone who has interacted with the city to take steps to secure their personal information.

What You Should Do

If you are a resident of Los Angeles or Foster City, it is crucial to take immediate action to protect your personal data. Here are some recommended steps:

  • Change passwords for any accounts associated with municipal services.
  • Monitor financial statements for any unusual activity.
  • Stay informed about updates from local authorities regarding the breach.

Organizations should also review their cybersecurity protocols to prevent similar attacks. Implementing robust security measures and employee training can help mitigate the risks posed by ransomware and other cyber threats. As the situation develops, staying vigilant is key to safeguarding personal and organizational data.

🔒 Pro insight: The shift from encryption to data theft by WorldLeaks reflects evolving ransomware tactics, necessitating immediate response strategies from affected municipalities.

Original article from Security Affairs · Pierluigi Paganini

