Hackers threaten to leak stolen information if LAUSD does not pay ransom
Hackers have threatened to release stolen data from the Los Angeles Unified School District if the public school system does not pay a ransom by Monday.
"We are diligently working with investigators and law enforcement agencies to determine what information was impacted and to whom it belongs," district officials said.
On Sept. 3, hackers breached LAUSD's digital infrastructure through a massive cyberattack and disrupted access to some of its computer systems including email. After the breach, officials said that none of their critical business systems such as employee healthcare or payroll were impacted. Additionally, officials said safety and emergency mechanisms were still operational.
Hackers have attacked 27 school districts across the country as well as 28 colleges. Some have paid out ransoms while others have not.
"Los Angeles Unified is not the first public school district that has been targeted and unfortunately, it will not be the last," district officials said. "This ransomware attack demonstrates vulnerabilities that leave school districts nationwide susceptible to the significant risk of disruption to instruction, home to school transportation or access to nutritious meals which are catastrophic for students and their learning."
Cyber security expert with tech company Tanium believes remote work and learning may have opened up vulnerabilities in LAUSD's systems.
"It created a magnitude of complexity and challenge for every organization and our schools are no different," he said.
The hackers claim to have stolen 500 gigs of data but experts said it's impossible to verify that assertion.
While LAUSD was confident that sensitive information such as Social Security numbers were secured, student information like grades or disciplinary records may have been stolen.
"To our school community and partners, we will update you when we have relevant information, and notify you if your personal information is impacted, as appropriate," officials said. "We also expect to provide credit monitoring services, as appropriate, to impacted individuals. We will have more to share about how to sign up for credit monitoring services in the coming days."
On Sept. 21, almost three weeks after the cyberattack, LAUSD received a ransom demand but did not respond after consulting with the FBI. Details of the ransom were not released.
"Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate," officials said. "We continue to make progress toward full operational stability for several core information technology services."
Emsisoft threat analyst Brett Callow said that paying the ransom does not guarantee the data would be deleted.
"The district should stand firm on that," said Callow. "If they were to pay, all they would receive is a pinky promise from the attacker that the stolen data would be deleted."
The demands have not been revealed. On Twitter, the hackers said the district has until 4 p.m. on Monday to pay the ransom.
Those concerned about the attack can call the district's incident response line at 855-926-1129. It is open between 6 a.m. and 3:30 p.m., Monday through Friday, but are closed on holidays.