Ransomware part of attack that compromised 2,000 LA student records, including COVID status, school district days

LAUSD revealed there was an external cyberattack on its IT assets in September.

February 24, 2023, 2:41 PM

A ransomware attack and data leak in September 2022 compromised assessment records, driver’s license numbers, as well as Social Security numbers of approximately 2,000 students, including 60 who are currently enrolled, the Los Angeles Unified School District confirmed to ABC News Friday.

An investigation into the cyberattack, which took place Sept. 5, also found that positive COVID-19 test results were also part of the breach, LAUSD said.

Some of the records go back almost three decades, which results in further time-consuming analysis, according to the press release from Jack Kelanic, the senior administrator of IT infrastructure at LAUSD.

"This is an ongoing investigation in partnership with forensic and cybersecurity experts where arduous, painstaking efforts are taking place to comb through the data, review individual pieces, determine what information was accessed, locate the impacted individuals and notify them of resources to protect themselves," Kelanic said.

"Since the identification of the incident, which is likely criminal in nature, we continue to assess the situation with law enforcement agencies. While the investigation continues, Los Angeles Unified has swiftly implemented a response protocol to mitigate Districtwide disruptions, including access to email, computer systems and applications," LAUSD said in a separate press release at the time.

PHOTO: This photo illustration shows a close-up of a computer screen displaying zeroes and ones
This photo illustration shows a close-up of a computer screen displaying zeroes and ones
STOCK IMAGE / Japatino/Getty Images

The "significant disruption" did not result in school closures. LAUSD established an independent IT task force composed of cybersecurity experts, tasking it with developing a set of recommendations and monthly status updates.

LAUSD later announced that a criminal organization released the illegally obtained data online.

The district said it has notified some individuals and vendors impacted by the attack and will continue to do so as they are determined. Further analysis of the attack is ongoing, according to LAUSD.

"Los Angeles Unified takes student, family and employee privacy very seriously and has been implementing enhanced protections and procedures to ensure our data security," Kelanic said.