L.A. Schools Admits Sensitive Student Records Leaked After 74 Investigation
School district acknowledges some 2,000 student assessments 鈥 including those of 60 current students 鈥 exposed by hackers on the dark web
;)
Education news and commentary, delivered right to your inbox.
Sign up for 社区黑料 newsletter.
Get stories like this delivered straight to your inbox. Sign up for 社区黑料 Newsletter
After 社区黑料 published an investigation revealing that hundreds 鈥 if not thousands 鈥 of student psychological assessments were posted on the dark web, Los Angeles public schools acknowledged that the highly sensitive information had been exposed.
Its admission on Wednesday, which included the news that 60 current students鈥 records had been compromised, comes five months after the nation鈥檚 second-largest school district was the victim of a ransomware attack and four months after schools Superintendent Alberto Carvalho categorically denied that students鈥 psychological records were part of that breach.
鈥淎s the District and its partners delve deeper into the reality of the data breach, the scope of the attack further actualizes and new discoveries have been revealed,鈥 Jack Kelanic, the district鈥檚 senior administrator of IT infrastructure, said in a statement. 鈥淎pproximately 2,000 student assessment records have been confirmed as part of the attack, 60 of whom are currently enrolled, as well as Driver鈥檚 License numbers and Social Security numbers.鈥
社区黑料 published an extensive investigation by reporter Mark Keierleber Wednesday revealing that the records 鈥 among the most sensitive information school districts maintain on students 鈥 could be uploaded from a dark web leak site of the Russian-speaking ransomware gang Vice Society. The cyber criminal gang infiltrated LAUSD鈥檚 computer system last year and then released the records when the school district refused to pay an undisclosed ransom demand.
When presented with the results of 社区黑料鈥檚 investigation Tuesday, district officials did not retract or correct Carvalho鈥檚 earlier statements, which a district spokesperson said 鈥渨ere based on the information that had been developed at that time.鈥 The comments were made in early October, about a month after the cyber attack was first reported, and at a point where school district and law enforcement analysts had already reviewed about two-thirds of the data leaked on the dark web, according to the schools chief.
The district is now saying that notification to individuals whose information was posted has been slowed by the painstaking nature of the process and the fact that some of the records date back nearly 30 years. To comply with state privacy rules, the district posted to the California state attorney general鈥檚 office website in January disclosing that district contractors鈥 certified payroll records and their names, addresses and Social Security numbers were leaked.
School officials have not said anything publicly about notifying current or former students or district employees that their information has been compromised, but said Wednesday their investigation is ongoing and they 鈥渨ill continue notifying individuals as they are determined.鈥 A day earlier, a district spokesperson told 社区黑料 that no current or former students had been informed that their psychological records were posted online.
The records identified by 社区黑料 were at least a decade old and involve special education students. They include a comprehensive background on the student鈥檚 medical history, observations on their home and family life, and assessments of their cognitive, academic and emotional functioning.
鈥淚t could ruin careers, it could damage families, people could get fired, it could potentially increase the likelihood of self harm if they suffer some kind of mental trauma from it,鈥 a cyber security expert told the Los Angeles Daily News it published on the district鈥檚 response to 社区黑料鈥檚 investigation.
Did you use this article in your work?
We鈥檇 love to hear how 社区黑料鈥檚 reporting is helping educators, researchers, and policymakers.