Around 20,000 Los Angeles Police Department job-seekers and officers have had their personal data nicked, the force has confirmed.
A total of 17,500 applicants to the force and 2,500 serving officers had their names, dates of birth, parts of their social security numbers, and the email addresses and passwords associated with their applicant accounts stolen by hackers.
Local news outlet NBC LA reported that affected people were told over the weekend.
In a statement, the force said: "Data security is paramount at the Los Angeles Police Department, and we are committed to protecting the privacy of anyone who is associated with our agency."
A local police trade union demanded that the city authorities "provide the necessary resources and assistance to any impacted officer who may become the victim of identity theft as a result of this negligence, so that they may restore their credit and/or financial standing".
The breach was blamed on an unidentified hacker who stole the files then emailed the police IT department with samples.
A decade ago, the police force was tech-savvy enough to question Google's security knowhow, so it seems unlikely the LAPD managed to leave their data unsecured. Reports indicated that the hacker claimed to have obtained the data directly rather than through a disgruntled insider.
Terence Jackson, CISO of Thycotic (a US infosec outfit, not a psychopath with a lisp) opined in a canned comment: "While details are still unfolding, I think I have more questions than answers at the present time. What system did the perpetrator have access to? How was access monitored? Did she have admin access? How was she able to exfiltrate so many records without triggering any alerts? This is yet another example of why castle and moat security isn't effective anymore. The threats are already inside."
In other US hack news, credit card provider Capital One suffered the theft of 100 million customer records yesterday. ®