After declining to pay the ransom, the Vice Society Ransomware gang decided to publish the stolen data of Los Angeles Unified School District on Sunday morning, which it grabbed during a cyberattack against the school earlier this month.
The leaked data consists of a wide range of information regarding the students and their parents. With the data being published, the school is informing all the people who were affected by this incident and providing a free credit monitoring service.
LAUSD Data Leak
Earlier this month, the Vice City Ransomware group claimed to have breached the network of the Los Angeles Unified School District – stealing some of its sensitive data and threatening to leak.
The group claimed to have 500GB of of LAUSD data without mentioning its contents of it. Well, as LAUSD decided not to pay their ransom demand, the ransomware group leaked the stolen data of the school on Sunday morning.
The ransomware group mentioned CISA in its data leak post, accusing it of assisting the school during the recovery. Checking the contents of this leak, BleepingComputer noted information categorized as ‘ssn‘, ‘Secret and Confidential‘, ‘Passport‘, and ‘Incident.’
Further, a law enforcement source for NBC Los Angeles said the leaked documents include “confidential psychological assessments of students, contract and legal documents, business records, and numerous database entries.”
Thank you to our students, families and employees for doing their part in the ongoing recovery from this cyberattack. pic.twitter.com/K8VhiFmSbL
— Alberto M. Carvalho (@LAUSDSup) October 2, 2022
Confirming this leak, LAUSD superintendent Alberto M. Carvalho said they’re launching a new hotline number – 855-926-1129 – for concerned parents and students to enquire about the incident.
The school said it’ll notify its community, partners, or employees if their personal information was exposed in this attack and even provide free credit monitoring services.
Well, even with them, students and parents are strongly advised to monitor their credit accounts for potential identity theft or financial fraud if they believe that their information was a part of the incident.