The breakdown of negotiations between the Los Angeles Unified School District (LAUSD) and ransomware operators The Vice Society Ransomware saw the latter release a stolen database online.
The news was confirmed by LAUSD superintendent, Alberto M. Carvalho, who took to Twitter to announce the leak, with the board launching a new hotline where parents can learn more about the incident and what the company is doing to try and minimize the damages.
“Unfortunately, as expected, data was recently released by a criminal organization. In partnership with law enforcement, our experts are analyzing the full extent of this data release,” the tweet reads.
“Better ways to spend cash”
News first broke out of an attack against LAUSD, which encompasses more than a thousand schools, 26,000 teachers, and 600,000 students, in September 2022.
But this new leak came after the board said it would not be paying any ransom demands, as there are plenty of better ways to spend the cash.
“Los Angeles Unified remains firm that dollars must be used to fund students and education,” the organization had said. “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”
According to BleepingComputer, the Vice Society Ransomware stole 500GB worth of sensitive data, including folders named “SSN”, “Secret and Confidential”, “Passport”, and “Incident”.
A source told NBC Los Angeles that the data also holds “confidential psychological assessments of students, contract and legal documents, business records,” and other data.
LAUSD notified affected students and their parents, and offered free credit monitoring services to those that need them. While law enforcement agencies analyze the leak, students and parents are advised to stay vigilant, as phishing attacks are common after such leaks. Identity theft is also relatively common.
- These are the best endpoint protection tools around
Via: BleepingComputer