The cybercriminals behind last month’s ransomware attack on the Los Angeles Unified School District have started releasing the personal data of students and school staff members.
“Unfortunately, as expected, data was recently released by a criminal organization,” LAUSD Superintendent Alberto Carvalho wrote in a statement(Opens in a new window) posted on Twitter.
The hackers behind the attack, Vice Society, began releasing the stolen data on Monday after the school district refused to pay the group’s ransom demand. The gang posted a 500GB archive that appears to contain Social Security numbers, passport details, and tax forms, according(Opens in a new window) to TechCrunch. In the hours since, Vice Society’s web pages have mysteriously gone down.
The ransomware group also claims the US Cybersecurity and Infrastructure Security Agency (CISA) “wasted our time,” which probably means CISA “successfully stalled the release of the data,” according to Brett Callow, a threat analyst at Emsisoft.
Whatever the scenario, Vice Society says it will now “waste CISA[‘s] reputation,” according to a post(Opens in a new window) on its dark web site, before it went down.
It’s unclear how many students and staffers were ensnared in the data leak; LAUSD says it’s still working with law enforcement to analyze the full extent of the data release before notifying victims. But it’s clear the breach could have a devastating impact on the privacy of numerous students. LAUSD is the second largest school district in the US and serves over 640,000 children across more than 1,000 schools.
A law enforcement source also told(Opens in a new window) NBCLosAngeles that some of the files the hackers made public include “confidential psychological assessments of students,” along with contract and legal documents.
Recommended by Our Editors
As a result, LAUSD is using the incident to remind school districts across the country to be on guard against ransomware groups.
“Los Angeles Unified remains firm that dollars must be used to fund students and education. Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate,” the school district said(Opens in a new window) in a statement on Friday.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Hits: 0
