As first reported by The Daily Dot, the data breach exposed internal documents, including thousands of police policies, emails, phone numbers, addresses, and other sensitive information about Lexipol employees.
The hackers published the stolen data on Distributed Denial of Secrets (DDoS), a nonprofit platform for leaked information. In a statement, the group said they targeted Lexipol because, in their view, there aren’t “enough hacks against the police,” so they took action themselves.
Founded in 2003, Texas-based Lexipol LLC, also known for its online training platform PoliceOne, has become a significant force in police privatization. The company supplies policy manuals and training content to more than 20% of U.S. police departments, according to a 2022 Indiana Law Journal analysis. This widespread adoption has effectively shaped public policy, despite Lexipol being a private company.
Critics have long raised concerns about Lexipol’s focus on minimizing legal liability for police departments rather than addressing issues like excessive force or racial profiling. The Intercept reported in 2020 that Lexipol’s training materials, used by the NYPD after the George Floyd protests, prioritized protecting departments from lawsuits rather than promoting accountability or reform.
Additionally, Lexipol has actively opposed proposed changes to police use-of-force standards, favoring a more lenient “objectively reasonable” standard.
The leaked documents revealed striking similarities in policy language across different police departments, with matching sections on use-of-force protocols and even identical “Code of Ethics” pages — some ending with a religious oath dedicating officers to their profession before God.
Despite Lexipol’s intent to reduce legal risks for its clients, some police departments using its policies have faced legal consequences. In 2017, Culver City, CA, adopted a Lexipol manual that suggested detaining suspected undocumented immigrants based on “lack of English proficiency,” contradicting the city’s sanctuary status. Similarly, Spokane, WA, paid a $49,000 settlement in 2018 after police violated local immigration laws using Lexipol’s guidance.
Although the puppygirl hacker polycule isn’t linked to previous major breaches, their tactics echo those of SiegedSec, a group known for hacking government sites and playfully demanding research into “IRL catgirls.” As political tensions rise, the hackers predict more “hacktivist” attacks, aiming to expose injustices and empower public awareness.
The Lexipol breach serves as a stark reminder of the vulnerabilities in privatized law enforcement systems and the growing influence of cyberactivism.
