LOS ANGELES (KNX) – The Los Angeles Unified School District said the ransomware gang behind the 2022 hack has records that include personal information belonging to the school district’s contractors and subcontractors.
Bleeping Computer obtained a data breach notification letter from the school district, which said payroll information and Social Security Numbers were stolen in the security breach.
"On January 9, 2023, we identified labor compliance documents, including certified payroll records, that contractors provided to L.A. Unified in connection with Facilities Services Division projects," the school district said.
The school district also said that the hackers were active in the system between July 21, 2022 and Sept. 3, 2022.
On Sept. 21, 2022, a Labor Day weekend cyberattack resulted in the shutdown of most the district’s computers. On Sept. 30, Vice Society claimed responsibility for the hack. The hacking syndicate threatened to release the data on Oct. 3 unless they received a ransom from the school district. The schools district refused and the group posted the information to the dark web on Oct. 2.
In an Oct. 3 press conference, Superintendent Alberto M. Carvalho said there was no evidence that the group obtained “truly sensitive confidential information" about students”; however, he did note that the group did access personal information belonging to employees of district contractors.
During that same press conference, Carvalho said the data that was posted on the dark web revealed that the hack was “even more limited than we originally anticipated."
Follow KNX News 97.1 FM
Twitter | Facebook | Instagram | TikTok