Los Angeles Unified School District refused a ransom demand by the group Vice Society. Vice Society responded with a 500GB data file.
Cybercriminals responsible for the ransomware attack that hit Los Angeles Unified School District last month have begun releasing personal data of students as well as school staff.
“Unfortunately, and as expected, data were recently released by a crime organization,” stated Alberto Carvalho, LAUSD Superintendent, in a statement (Opens in new window) that was posted on Twitter.
Vice Society, the hackers behind the attack began releasing the stolen data Monday after the school district refused the ransom demand. According to TechCrunch, the 500GB archive was posted by the gang and appears to include Social Security numbers, passport details, tax forms, and other information. Vice Society’s web pages mysteriously disappeared in the hours that followed.
Ransomware also claimed that the US Cybersecurity and Infrastructure Security Agency, (CISA), “wasted our times,” which likely means that CISA “successfully stopped the release of data,” according to Brett Callow who is a threat analyst at Emsisoft.
Whatever the situation, Vice Society claims it will “waste CISA[’s] reputation” according to a post (Opens in new window) posted on its dark web site.
It is unclear how many students or staff were affected by the data leak. LAUSD said it is still working with law enforcement in order to determine the extent of the data release and notify victims. However, it is clear that the data breach could have devastating consequences for the privacy of many students. LAUSD is the 2nd largest US school district and serves more than 640,000 students in over 1,000 schools.
Another law enforcement source told NBCLosAngeles (Opens in a New Window) that some files made public by hackers include confidential psychological assessments of students, as well as legal documents.
LAUSD uses the incident to remind all school districts in the country to be vigilant against ransomware.
Los Angeles Unified is firm in its belief that money must be used for students and education. Los Angeles Unified stated that paying ransom does not guarantee data recovery. The school district also said in a statement Friday (Opens in new window).
