Azusa kept ransomware attacks secret. Leaked data broke its silence.

In 2018, the Azusa Police Department was hit by a ransomware attack that disabled 911 operations and ultimately cost taxpayers more than $50,000. The public is only finding out about the breach now because it was hidden by the city for the past three years.

Azusa officials finally acknowledged the attack this month after the city was targeted by cyber criminals a second time. The second attack was also kept under wraps — for months, not years.

“Through means that remain unclear, the hacking group DoppelPaymer appears to have infiltrated computers in the 63-officer department and gained access to critical data. A demand for money followed,” according to the Los Angeles Times.

“For the next 2½ months, officials in the city of 48,000 kept the hack a secret. They said nothing in March as they strategized with the FBI, Los Angeles County Sheriff’s Department and ransomware consultants, and remained mum in April when they opted not to pay, and hundreds of highly sensitive files, including criminal case files and payroll data, spilled out online.”

DoppelPaymer is an international gang of cyber criminals that has targeted local governments, health care facilities, and schools. The group demanded 15.5 bitcoin (then equivalent to about $800,000) from Azusa as part of the latest attack. When it didn’t get the money, it leaked seven gigabytes of data online. The data — ranging from police investigative files to witness recordings — quickly racked up tens of thousands of views.

Azusa is now urging anyone who has provided personal information to its police department to check with their credit card companies to make sure they have not become victims of identity theft. They can also call a special helpline for assistance at (855) 535-1860.