Hackers have leaked data stolen from the United States's second-largest school district, after the Los Angeles Unified School District (LAUSD) announced it would not be giving in to ransom demands.
LAUSD was hit at the start of last month, just before classes were scheduled to resume after the summer break, by the Vice Society ransomware gang, who have been responsible for a series of attacks against the education sector across the country.
Initially it was believed that disruption to the school's email systems and network infrastructure would be the biggest headache following the security breach. But it has since emerged that Vice Society did most likely exfiltrate sensitive data from LAUSD's systems.
Local media reports have suggested that data stolen and leaked by Vice Society includes confidential psychological assessments of students, contract and legal documents, and business records, amongst other sensitive data.
LA Schools Superintendent Alberto M. Carvalho tweeted out a hotline number for pupils and parents who had questions and concerns following the security breach.
Carvalho had previously said that the school district refused to pay ransoms, adding that "negotiating with cybercriminals attempting to extort education dollars from our kids, teachers, and staff will never be a justifiable option."
In a press release, LAUSD reiterated that it believed giving in to extortionists was wrong:
"Los Angeles Unified remains firm that dollars must be used to fund students and education. Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate."
On its official leak site, Vice Society claimed that its time had been "wasted" by CISA, the US's Cybersecurity and Infrastructure Security Agency, suggesting that attempts to stall the release of the exfiltrated data had been at least temporarily successful.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024