The cybercriminals behind last month's ransomware attack on the Los Angeles Unified School District have started releasing the personal data of students and school staff members.
“Unfortunately, as expected, data was recently released by a criminal organization,” LAUSD Superintendent Alberto Carvalho wrote in a statement(Opens in a new window) posted on Twitter.
The hackers behind the attack, Vice Society, began releasing the stolen data on Monday after the school district refused to pay the group’s ransom demand. The gang posted a 500GB archive that appears to contain Social Security numbers, passport details, and tax forms, according(Opens in a new window) to TechCrunch. In the hours since, Vice Society’s web pages have mysteriously gone down.
The ransomware group also claims the US Cybersecurity and Infrastructure Security Agency (CISA) "wasted our time," which probably means CISA "successfully stalled the release of the data," according to Brett Callow, a threat analyst at Emsisoft.
Whatever the scenario, Vice Society says it will now "waste CISA['s] reputation,” according to a post(Opens in a new window) on its dark web site, before it went down.
It's unclear how many students and staffers were ensnared in the data leak; LAUSD says it's still working with law enforcement to analyze the full extent of the data release before notifying victims. But it’s clear the breach could have a devastating impact on the privacy of numerous students. LAUSD is the second largest school district in the US and serves over 640,000 children across more than 1,000 schools.
A law enforcement source also told(Opens in a new window) NBCLosAngeles that some of the files the hackers made public include "confidential psychological
Read more on pcmag.com