LAUSD admits September 2022 cyberattack compromised about 2,000 student assessment records
The data leak also included positive COVID-19 test results, driver's license and Social Security numbers.
LOS ANGELES (KABC) -- The Los Angeles Unified School District said a September 2022 cyberattack and data leak compromised about 2,000 student assessment records.
According to a statement released Thursday by Jack Kelanic, a senior IT administrator for the district, 60 of the records that were compromised belong to students who are currently enrolled.
He said the data leak also included positive COVID-19 test results, driver's license and Social Security numbers.
"Some of these records go back almost three decades which creates further time-consuming analysis," he said in the statement.
In October, Superintendent Alberto M. Carvalho held a press conference to dispel rumors that the hackers obtained and released onto the dark web highly sensitive information.
He acknowledged there may have been some "outliers" or individual instances of sensitive data being released. At the time, he said some independent contractors who work for the district may have also had some information released, such as a small number of W-9 tax forms, that were submitted in connection with applying for contracts.
Other data that was obtained included student attendance and academic data from 2013-16, he said.
Full press conference by LAUSD Superintendent Alberto Carvalho Oct. 3, 2022
Kelanic said information on the cyberattack has been made public "based on its availability at the time and as confirmed by both internal and external expert entities."
"Los Angeles Unified takes student, family and employee privacy very seriously and has been implementing enhanced protections and procedures to ensure our data security," said Kelanic. "As we continue to ascertain the accuracy and thoroughness of the data and follow protocols to conduct a comprehensive review, we have already notified some individuals and vendors who have been impacted by this attack and will continue notifying individuals as they are determined."
He adds "ongoing legal notification is complex and made harder in many instances due to the age of files."
