The ransomware attack against the Los Angeles Unified School District just got worse. TechCrunchreports the group that took credit for the heist, Vice Society, has published a 500GB data cache from the early September breach. The collection includes extremely sensitive details like Social Security numbers, bank account info and health data that extends to students’ psychological profiles.
Vice Society had given LAUSD until October 4th to pay the ransom. It’s not clear what prompted the hackers to release the data a day early, but they alleged that the US Cybersecurity and Infrastructure Security Agency (CISA) “wasted our time” and was “wrong” to tell the district to reject the extortion attempt. CISA, the FBI and other agencies have historically told ransomware victims to refuse payment as it simply encourages hackers to look for more targets, and doesn’t guarantee the data will be restored.
LAUSD superintendent Alberto Carvalho has announced the creation of a hotline at 855-926-1129 to provide support to parents and staff affected by the hack. It’s available between 6AM and 3:30PM Pacific Monday through Friday, except for holidays.
The school district is still recovering, and hopes to achieve “full operational stability” for key technology services. The data leak could still pose a serious risk to students and their families through potential frauds and other privacy violations. To some degree, though, LAUSD is escaping the worst possible damage. Lincoln College shut down completely as the combination of ransomware and a pandemic-related enrollment shortfall made it financially impossible to continue.