Cybercriminals behind LAUSD ransomware attack release hacked data, superintendent says

The attack was the 50th this year on the US education sector, according to a tally by cybersecurity firm Emsisoft.

ByTaylor Romine, Ray Sanchez and Raja Razek, CNN, CNNWire
Sunday, October 2, 2022
Hackers release LAUSD data after ransom demand denied
Hackers have released data stolen in a cyberattack against the Los Angeles Unified School District, Superintendent Alberto Carvalho confirmed.

LOS ANGELES -- Cybercriminals who targeted the Los Angeles Unified School District, the second largest in the nation, with a ransomware attack have released some of the hacked data online, according to a tweet from LAUSD Superintendent Alberto M. Carvalho.

"Unfortunately, as expected, data was recently released by a criminal organization," the tweet read. "In partnership with law enforcement, our experts are analyzing the full extent of this data release."

A hotline has been set up to assist those who have questions or need support, according to the tweet.

SEE ALSO | Personal info of 'very small number' of customers compromised by hackers: American Airlines

The supposed leak came as federal officials warn that ransomware attacks on US schools may increase as children return to school and cybercriminals see more extortion opportunities, CNN reported.

LAUSD said in an earlier statement that it's working with law enforcement to "determine what information was impacted and to whom it belongs." The district did not disclose whether it knows what data may be released or when.

The school district announced what it called a significant ransomware attack over Labor Day weekend last month, along with the response from the FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.

LAUSD has not disclosed the ransom demanded by the criminal organization.

The attack was the 50th this year on the US education sector, according to a tally by cybersecurity firm Emsisoft.

The district said employee healthcare or payroll data did not appear to be impacted and that unspecified "safety and emergency mechanisms remain in place." Credit monitoring services will be provided, according to the statement.

"To our school community and partners, we will update you when we have relevant information, and notify you if your personal information is impacted, as appropriate," the district said.

The investigation is ongoing and the district said paying ransom "never guarantees the full recovery of data" and "public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate."

The school district said it has joined education and technology leaders in calling on the Federal Communications Commission to "immediately authorize" the use of E-Rate Program funds to strengthen the IT security infrastructure. The program helps schools and libraries with broadband access to improve telecommunication capabilities.

Ransomware attacks against schools are becoming more common.

RELATED | Hacker claims to breach Uber network, security researcher says

A predominantly Black college in Illinois was forced to close in May after a pandemic-induced drop in admissions and fallout from a ransomware attack on its computer systems.

A separate attack in January forced the Albuquerque, New Mexico, public school system to close for two days. The hack affected systems with information on emergency contacts for students and adults who are authorized to pick up students.

Another ransomware attack on a software provider in January affected the websites of about 5,000 schools, mostly in the US, that used the software.

(The-CNN-Wire & 2021 Cable News Network, Inc., a Time Warner Company. All rights reserved.)