Hackers Leak 500GB Stolen Data from LAUSD Ransomware Attack

The Los Angeles Unified School District (LAUSD) ransomware attack just got worse as Vice Society, the group behind the attack, decided to release 500GB of stolen data this past week.

Following the initial attack on Labor Day weekend, Vice Society gave LAUSD until October 4th to pay the ransom but grew impatient with LAUSD’s decision to work with the FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA).

According to TechCrunch, Vice Society grew frustrated that CISA was allegedly stalling the release of data and stated that CISA was “wrong” to advise LAUSD not to pay the ransom demand.

Vice Society went into victim blaming mode, stating that LAUSD should have just paid the ransom since they typically always delete the documents, help to restore networks and never talk about companies that pay the ransom.

The stolen (and now leaked) data includes a trove of personal information containing social security numbers, passport information, tax forms, contract and legal documents, criminal records, COVID-19 testing results and student psychological assessments.

Vice Society is well known for targeting the education sector and suspected to be behind at least eight other education attacks this year.

Another factor that may have led to the early release of the data was a press release from LAUSD outlining the attack, mitigation efforts and the staunch decision to not pay the ransom.  

“It is important to note that this investigation is ongoing. Los Angeles Unified remains firm that dollars must be used to fund students and education. Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate. We continue to make progress toward full operational stability for several core information technology services.”

While the ransom has not been disclosed by anybody involved, LAUSD Superintendent Alberto Carvalho stated that the level of demand was, “… quite frankly, insulting. And we're not about to enter into negotiations with that type of entity.”

With the data now released, LAUSD awaits to understand the amount of damage this ransomware attack may likely cause.

As the second largest school district in the United States, LAUSD has more than 1,000 schools and 600,000 students—making it a prime target for a large-scale ransomware attack like this.

Details on how the attack happened and any related mitigation efforts are minimal at this point, but LAUSD has launched a dedicated incident-response line for questions about the attack. The phone number is 855-926-1129, and its hours of operation are 6:00am to 3:30pm PT, Monday through Friday, excluding major U.S. holidays.

You can also follow LAUSD social media for updates on Twitter @laschools and @lausdsup, Instagram at @laschools and @lausdsup, and Facebook at @laschools and @AlbertoMCarvalho1.

Did You Know October is Cybersecurity Awareness Month?

In support of Cybersecurity Awareness Month 2022, the Schneider Downs cybersecurity team is introducing a library of cybersecurity resources to help keep cybersecurity top-of-mind every day—at home, in the office and everywhere in between.

Explore the new resources at www.schneiderdowns.com/ncsam.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected].

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Norton Believes Credential Stuffing Attack Led to LifeLock Breach
Why Cybersecurity Programs are Facing Increased Scrutiny from Private Equity Firms
Start The New Year Off Secure: 5 Cybersecurity Resolutions for 2023
TikTok: Spreading Holiday Cheer and Personal Information
Cybersecurity BY David Murphy
Key Benefits of Server Message Block Signing
SEC and PCAOB Developments Conference Day 1
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×