LAUSD superintendent says hackers did not obtain highly sensitive student, employee data

By Jory Rand and staff, KABC
Tuesday, October 4, 2022

LOS ANGELES (KABC) -- Hackers who broke into Los Angeles Unified School District's systems last month did not obtain large quantities of the most sensitive student and employee data, such as Social Security numbers, the district superintendent said Monday.

Superintendent Alberto M. Carvalho held a press conference to dispel rumors that the hackers obtained and released onto the dark web highly sensitive information such as Social Security numbers or psychiatric records.

"Based on what we know today we are able to confirm that the release was actually more limited than we originally anticipated," Carvalho said.

He acknowledged there may be some "outliers" or individual instances of sensitive data being released. Some independent contractors who work for the district may have also had some information released, such as a small number of W-9 tax forms, that were submitted in connection with applying for contracts.

Other data that was obtained included student attendance and academic data from 2013-16, he said.

Full press conference by LAUSD Superintendent Alberto Carvalho Oct. 3, 2022

He also acknowledged there is no guarantee that the hackers did not obtain more sensitive information that they have not yet released. But he said that, based on the group's past pattern, experts say the most sensitive information would have been released by now.

"Our level of concern has actually de-escalated, rather than increased," he said. "That is good news."

The district is reaching out to individuals who may have been impacted and asked parents and students not to call in just to find out if their own personal data was released.

"No news is actually good news," he said.

Carvalho said experts have analyzed server data and the group's patterns and believe it is likely they operate somewhere within Russia.

One key element that limited the scope of the attack, he said, was that district employees were able to detect the intrusion as it was happening and shut systems down. Often in similar attacks against other entities, the violation is not detected until it is complete.

District officials estimate the hackers obtained about 500 megabytes of information - or the amount that could be stored on a single personal computer. By comparison, the district's systems manage many thousands of times that amount of information.

The cyberattack was detected over the Labor Day weekend by district officials who shut the systems down.

A criminal hacking group later reached out and demanded a ransom payment or said the data would be released onto the dark web.

The district made it clear it would not pay a ransom or negotiate, and reports from cybersecurity experts indicated information was released onto the dark web this weekend. But the volume and sensitivity were far less than feared.

A hotline has been made available for anyone in the school community with questions about the attack.

The number is (855) 926-1129. Hours of operation will be 6:00 a.m. to 3:30 p.m., Monday through Friday, excluding major U.S. holidays.