LAUSD Hackers Threaten To Post Student, Staff Data To Dark Web Monday

LOS ANGELES, CA — The Los Angeles Unified School District hackers set a Monday deadline for the school district to pay a ransom or the private data of students and employees will be released on the dark web, officials said Friday.

The deadline was posted on the dark website run by Vice Society, which claims to be responsible for the hack that L.A. Unified experienced during Labor Day weekend. In response, Superintendent Alberto Carvalho said the district will not pay the ransom or negotiate per the advice of law enforcement and federal officials.

Carvalho would not name the amount that is being demanded by the syndicate but said the demand was absurd.

"This level of demand was, quite frankly, insulting. And we’re not about to enter into negotiations with that type of entity,” Carvalho told the Los Angeles Times.

A screenshot of a post on Vice Society's website shows L.A. Unified listed as a partner, along with other entities it claims to have victimized. The webpage states "the papers will be published by London time on Oct. 4, 2022 at 12 a.m."

The hackers said they are prepared to publicly release 500 gigs of data, which can't be verified by the district unless the hackers send proof. Though Carvalho said that he believes confidential information about employees was not stolen, he is unsure about information related to students' names, grades, course schedules, disciplinary records and disability status.

When the attack was discovered on Sept. 3 the district was prompted to deactivate all its systems in an "unprecedented" move.

Subsequently, the district contacted federal officials over the weekend, prompting the White House to mobilize a response from the U.S. Department of Education, the FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, according to the LAUSD.

"We did not know at that time what areas were targeted, what entity was targeting us," Carvalho said. "We were unaware how deep, how complex this incident, this action, was. So, as a matter of protection, we basically shut down every one of our systems."

Carvalho said that by late Monday night, the district confirmed that all key systems would be active Tuesday morning, allowing the district to proceed with starting school as normal following Labor Day.

Classes resumed at LAUSD as scheduled Tuesday, with officials reporting a "fairly normal school day" despite what the district called a "significant disruption to our system's infrastructure."

The district will provide support to those who could be harmed by the release of data, including setting up a hotline, according to Carvalho. A cybersecurity task force has been set up and the school board has granted Carvalho emergency powers to make necessary decisions related to this situation.

District officials said they immediately established a plan of action to provide protection in the future, "informed by top public and private sector technology and cyber security professionals."

The plan includes:

• Independent Information Technology Task Force: Charged with developing a set of recommendations within 90 days, including monthly status updates;
• Additional human resources: Deployment of IT personnel at all sites to assist with technical issues that may arise in the coming days;
• Technology investments: Full-scale reorganization of departments and systems to build coherence and bolster data safeguards;
• Advisory council: Charged with providing ongoing advisement on best practices and systems, including emerging technological management protocols;
• Technology adviser: Directed to focus on security procedures and practices, as well as conduct an overall data center operations review that includes an assessment of existing technology, critical processes and current infrastructure;
• Budget appropriation: Directed appropriation of any necessary funding to support Information Technology Division infrastructure enhancement;
• Employee training: Develop and implement mandatory cyber security responsibility training;
• Forensic review: Expand ongoing assistance from federal and state law enforcement entities to include a forensic review of systems, and
• Expert team: Creation and deployment of an expert team to assess needs and support the implementation of immediate solutions.

City News Service contributed to this report.

Read more at the Los Angeles Times: Hackers set Monday deadline for LAUSD to pay up or have private data posted on dark web