The second-largest public school system in the US, located in Los Angeles, said that a group of extortionists hacked a sizable database but had not exposed as much private information as they expected, according to a report by Bloomberg.
After the Los Angeles Unified School District declined to pay a ransom to a group named Vice Society, student and staff data from the district started circulating online on Sunday, October 3.
The shadow of a pedestrian is seen walking past the headquarters of the Los Angeles Unified School District on October 3, 2022 in Los Angeles, California. - LAUSD Superintendant ALberto Carvalho remains firm on Monday on his refusal to pay a ransom demanded by an international hacking syndicate, days after hacked data from the school district was posted on the dark web. A hacking syndicate known as Vice Society sent a ransom demand to the school district last week setting an October 3 deadline to pay the unspecified ransom with threats to release more hacked data online if payment is not met.
Leaking the Database
On Labor Day, the school system was hit by a cyberattack and warned that its data would be exposed if it didn't pay to have it recovered.
The district's superintendent, Alberto M. Carvalho, rejected reports that student psychiatric evaluations appeared online and added that no health records were leaked at all.
"I understand there will be many opinions on this matter but, simply said, negotiating with cybercriminals attempting to extort education dollars from our kids, teachers, and staff will never be a justifiable option. LAUSD refuses to pay ransom," Carvalho said in a tweet.
He added that after his team became aware of the attack and took immediate action, just a "very, very small" fraction of the data in the school's IT systems had been downloaded.
He claimed that a database of student data from 2013 to 2016 was the source of the majority of the information made public online. Additionally, some private contractors' and temporary employees' personal information had been leaked as well.
I understand there will be many opinions on this matter but, simply said, negotiating with cybercriminals attempting to extort education dollars from our kids, teachers, and staff will never be a justifiable option. LAUSD refuses to pay ransom. @LASchools https://t.co/at2dbvEgOl
— Alberto M. Carvalho (@LAUSDSup) October 3, 2022
Read also: Australian Authorities Demand that Optus Pay Costs on Massive Data Breach
Hack-and-leak Group
After stressing that the district would stick by its decision not to pay a ransom, Carvalho said in a press conference on Monday that he didn't think the group would leak any more information and was certain that this experience had come to an end, according to Bloomberg's report.
The US Cybersecurity and Infrastructure Security Agency noted that the so-called hack-and-leak group Vice Society, which claimed to have compromised several school districts throughout the US, first surfaced in the summer of last year.
In response to inquiries by Bloomberg, a Vice Society representative stated that the organization now employs its own new software, despite purchasing malicious software to target victims in the past.
The group has recently switched its attention from healthcare to education, and CISA issued a warning that the attacks might pick up speed once students start going back to school.
Related Article: Mobile Malware Cyberattacks Rise to 500% in the First Few Months of 2022 | Here's How to Stay Protected Against Them
This article is owned by Tech Times
Written by Joaquin Victor Tacla
