Hackers leak stolen data from L.A. school district

A ransomware gang published roughly 500 gigabytes of data about students and employees of the Los Angeles Unified School District over the weekend after the district refused to pay a ransom following last month's attack.

Driving the news: L.A. Unified School District superintendent Alberto M. Carvalho confirmed in a tweet Sunday that "a criminal organization" released the data set.

• Ransomware gang Vice Society, which has claimed responsibility for the ransomware attack, published the apparent leak on its dark web site.
• The district and law enforcement are still analyzing the "full extent of this data release," and set up an incident response hotline to help anyone affected by the data leak.
• L.A. Unified is the country's second largest school district with more than 1,000 schools and 600,000 students.

What they're saying: "Based on what we know today we are able to confirm that the release was actually more limited than we originally anticipated," Carvalho said during a press conference late Monday, per ABC7.

• He added that officials believe only information stored on one personal computer was accessed and student information was limited to attendance and academic records from 2013-2016.

Catch up quick: For about a month, L.A. Unified has been responding and recovering from the "significant disruption" to its digital infrastructure.

• Carvalho told the Los Angeles Times on Friday that the district would not pay a ransom to prevent hackers from leaking any stolen data, saying paying wasn't a guarantee that hackers wouldn't leak the information anyway.

Threat level: Researchers at Check Point Software Technologies tell Axios that the data leak "appears to be massive," including more than 248,000 files containing Social Security numbers, contracts, employment tax forms, invoices, passports and more.

• The data trove also appears to include health information, including COVID-19 test data, previous conviction reports and psychological assessments of students, according to TechCrunch.

The big picture: L.A. Unified joins a growing list of schools that have faced a ransomware attack this year, according to publicly available data.

• Allan Liska, a ransomware analyst at cybersecurity firm Recorded Future, estimates there have been 115 ransomware attacks against schools through September, tracking closely with the number of attacks against schools during the same period last year.
• The FBI, CISA and the Multi-State Information Sharing and Analysis Center warned last month that Vice Society has been "disproportionately targeting the education sector."