The Los Angeles school district, the nation’s second largest, was hit with a ransomware cyberattack over the past weekend. Officials did not disclose whether or not an extortion demand was imposed by the hackers responsible for the attack.
Officials and law enforcement declared that the attack was “likely criminal in nature”, which is easy to conclude given the scale and sophistication of this attack. School officials did not expect the cyberattack to interrupt “instruction, transportation, or food”, according to a Bloomberg report.
Alarmingly, this is the 50th cyberattack against a U.S. education institution so far this year. Over 26 universities/colleges and 24 districts with 1,727 schools make up this count, per cybersecurity expert Brett Callow of Emsisoft.
The Los Angeles school district initially advised the public in a statement that “access to email, computer systems and applications” was expected to be available after “swiftly implementing a response protocol.” This, however, did not materialize.
The fallout continues
According to the Los Angeles Times, private data of more than 400,000 students could be at risk from the September 3rd attack. Schools did not open until Tuesday, September 6th, despite previous assurances that no disruption would occur.
District officials are unsure at this time whether the student management system, which includes assessments, grades, schedules, and potentially sensitive information about student disabilities, was affected.
However, officials remain confident at this time that other personally identifiable information such as social security numbers, medical records and payroll information of employees remains secure.
2020 Audit revealed vulnerabilities that hackers exploited in Saturday attack
The potential bombshell report by the Los Angeles Times indicates that an audit performed in 2020 exposed the vulnerabilities that were persistent across the LA district information technology infrastructure—the same vulnerabilities that the hackers later exploited in 2022.
A redacted version of the report was provided to the L.A. Times, which reported that auditors were able to “gain access to certain sensitive information including a limited number of social security numbers”, and “were able to convince employees to unknowingly execute malicious codes.”
Other problems identified included:
- The district lacked adequate “incident response training” to react, for example, to hacking or another emergency.
- Certain classes of computer accounts had substandard security.