After LAUSD Superintendent Alberto Carvalho said he would neither negotiate nor pay a ransom to hackers, the criminal group released data from the school district on Saturday.
It’s unclear how much information was included in the release, but The Times was able to review some screenshots that appear to show Social Security numbers.
The data was released two days earlier than the syndicate, Vice Society, had initially said it would be. This premature release came in response to what the hackers perceived as Carvalho’s final answer. Hackers often demand payment by holding private information for ransom and by withholding the decryption keys needed to unlock systems.
“What I can tell you is that any demand — would be absurd,” Carvalho told The Times on Friday. “But this level of demand was, quite frankly, insulting. And we’re not about to negotiate with that type of entity.”
In a statement released later that day, he said: “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”
Federal and local authorities, including the school district, are still trying to understand how much data was stolen.
“Unfortunately, as expected, data was recently released by a criminal organization,” the school district said in a social media post Sunday. “In partnership with law enforcement, our experts analyze the full extent of this data release.”
On Friday, Carvalho stated that he was sure no employee information had been stolen. However, he wasn’t as confident about student data. This data could include names, grades, course schedules, disciplinary records, and disability status.
Some of the documents in the dump appear to be forms containing sensitive information from facilities services, which is a division of the city government. These forms may have been completed by employees or contractors working for the school system, depending on who constructed them.
The W-9 is among the forms in the dump. The W-9 is an official IRS form that businesses or other organizations use to verify the name, address, and tax identification number — often a Social Security number — of people receiving income. Independent contractors who work for firms or agencies with whom they are not affiliated must frequently submit a W-9.
If you or anyone you know was affected by the data release, please call the district’s incident response line at (855) 926-1129. The hours of operation are 6 a.m. to 3:30 p.m., Monday through Friday, excluding major U.S. holidays.
Since the attack was uncovered on September 3rd, America’s second-biggest school district has worked hand-in-hand with local law enforcement, the FBI, and CISA (the federal Cybersecurity and Infrastructure Security Agency).
Immediately after the LAUSD attack, CISA posted a warning to education institutions about Vice Society. Although the agency didn’t directly confirm that the syndicate was responsible, its quick response suggests it believes the group was involved.
The syndicate’s Monday deadline was posted on Vice Society’s dark web site. The group had informally confirmed to three reporters that it was responsible for the hack.
On Friday, Carvalho declined to dispute reports that identified Vice Society. He continued his long-standing policy of not revealing how much money was being sought.
The group announced its responsibility in a post on the dark web that showed Vice Society’s logo and slogan. It listed entities it has allegedly victimized as “partners,” one of which is now LAUSD, shown with its corresponding logo.
According to Emsisoft’s Brett Callow, hackers have struck at least 27 US school districts and 28 colleges this year. Data was stolen from at least 36 of those organizations and published online, with at least two communities and one college paying the attackers.
According to estimates from Callow and blogger Dominic Alfieri, cybersecurity professionals who confirmed late Saturday or early Sunday that the leak had occurred, Vice Society has already attacked at least nine school districts and institutions.
After the LAUSD attack was discovered, district technicians quickly shut down all computer operations to limit the damage. Officials were then able to open campuses as scheduled on the Tuesday after the holiday weekend. However, the shutdown and hack resulted in a week of significant disruptions for more than 600,000 users who had to reset passwords while systems were gradually screened for breaches and restored.
Additional damage and data theft were prevented after technicians discovered and removed tripwires left behind by the attackers. However, the technicians also found that data had been stolen during the initial attack. The restoration process is ongoing.
Hackers claimed they stole 500 gigabytes of data. So, the district set up a cybersecurity task force and granted Carvalho emergency powers to take any related step he feels is necessary.
The facilities division’s internal systems were the most damaged. Carvalho noted that it was essential to devise workarounds for contractors to pay for renovations and construction on time.