The cyberattack that hit the Los Angeles Unified School District last September was worse than initially reported—with hackers accessing about 2,000 sensitive student records, district officials confirmed Feb. 24 to The Epoch Times.
A ransomware group stole a portion of the district’s records and threatened to publish the information if it did not pay a ransom. When Superintendent Alberto Carvalho refused, the group published the data online weeks later.
Initially, Carvalho said an analysis of the published information revealed no critical information involving current employees or students.
However, after further investigation, the district learned more data than originally thought was compromised, Jack Kelanic, the district’s senior information technology administrator, told the Epoch Times in an email.
“The aftermath of a cyberattack is a multi-layered, dynamic process in which real-time updates often alter the direction of an investigation,” Kelanic said. “As the district and its partners delve deeper into the reality of the data breach, the scope of the attack further actualizes, and new discoveries have been revealed.”
Kelanic said that approximately 2,000 student assessment records have been confirmed as part of the attack, as well as their drivers’ licenses and social security numbers and the results of COVID-19 tests.
About 60 of the leaked records involve currently enrolled students, while some are nearly 30 years old, he said.
Kelanic did not specify when the district discovered that more records were impacted. However, he said the district is notifying those affected by the attack and will continue to do so as they are identified.
Additionally, he said, the district has been implementing “enhanced protections and procedures to ensure our data security.”
The notice also stated hackers had been active in the district’s system since July 31—though it only initially reported that the attack began on Sept. 3.
Meanwhile, a nearby district was hit with a similar cyberattack this week.
Student data was stolen from the Long Beach Unified School District’s records system and posted online, district officials said in an email to parents Feb. 22.
Information including student identification numbers, names, and their email addresses were compromised, the district said in the email.
However, it noted that sensitive student and staff information such as addresses, social security numbers, birthdates and grades were not compromised in the leak.
A spokesperson for Long Beach Unified was not immediately available for comment.
