Hackers with the criminal syndicate Vice Society began publishing stolen data from the Los Angeles Unified School District Saturday, two days before the ransom deadline the group had imposed. In a message, the group said the Cybersecurity & Infrastructure Security Agency (CISA) had wasted its time.
The data dump was apparently in response to LAUSD Supt. Albert Carvalho’s stalwart refusal to negotiate with the criminals or pay a ransom. Carvalho confirmed the LAUSD data breach last month.
“Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate,” he said.
TechCrunch has reported that the release “appears to contain personal identifying information, including passport details, Social Security numbers and tax forms,” as well as “contract and legal documents, financial reports containing bank account details, health information including COVID-19 test data, previous conviction reports and psychological assessments of students.”
Supt. Carvalho disputes that, saying in a press conference that the hackers did not obtain the most sensitive information such as social security numbers or psychiatric records.
The district has set up an “incident response” line for anyone affected by the release of data at (855) 926-1129. Hours of operation are from 6 a.m. to 3:30 p.m., Monday through Friday, excluding major U.S. holidays.
If you believe you may have been affected by the data release, follow these steps to minimize your risk.
See also: Why Cybersecurity Remains Essential for Local Government