Los Angeles School Board investigating possible major data theft

(Image credit: Marcelo Cidrack / Unsplash)

The Los Angeles Unified School District (LAUSD) has said it is investigating a possible data breach after a hacker revealed data for sale on a dark web forum.

LAUSD is the second-largest public school district in the United States, counting more than half a million students for the 2023-2024 school year. Furthermore, it has almost 50,000 employees, including almost 26,000 teachers.

According to BleepingComputer, a hacker is asking for $1,000, for a batch of CSV files containing 11GB of sensitive data. The data includes 26 million records with student information, more than 24,000 teacher records, and around 500 containing staff information.

Data from an old attack?

The attacker also shared two samples with some 1,000 student records, to prove the legitimacy of the claims. These records contained people’s Social Security Numbers (SSN), postal addresses, parent addresses, email addresses, contact information, as well as birth dates.

The publication says the information could be legitimate, but could also be old. LAUSD suffered a ransomware attack back in 2020, and since the organization declined to pay the ransom demand, the hackers sold the data on the dark web.

Indeed, the information in the sample is old, BleepingComputer added. However, the sample is also relatively small (just 1,000 records), so the rest of the database could still be fresh. After reaching out to LAUSD, the publication was told that an investigation is currently underway:

"We are looking into this and will get back to you if we have further information to share," LAUSD Public Information Officer Britt Vaughan told the publication.

In early September 2022, LAUSD confirmed suffering a ransomware attack which was big enough to catch the attention of the White House. The official residence and workplace of the president of the United States alerted the Department of Education, the FBI, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and demanded a combined effort to "provide rapid, incident response support".

Schools across the district opened on September 6 as planned, with little impact on everyday learning, although LAUSD warned some institutions may encounter disruption in their "business operations".

More from TechRadar Pro

All Los Angeles schools were hit by a huge ransomware attack
Here's a list of the best firewalls around today
These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.