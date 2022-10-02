An analysis of stolen school district data made public by a criminal hackers showed no evidence that the cyberattack accessed sensitive student or staff personal data, the district superintendent said today.
The attack, said Superintendent Alberto Carvalho, was "even more limited than we originally anticipated."
But Carvalho conceded that some personal information, such as Social Security numbers, passport details and other financial data involving outside contractors, appeared to have been obtained and posted.
But in terms of LAUSD students and staff, there was "no evidence of widespread impact as far as truly sensitive confidential information."
Carvalho acknowledged continued uneasiness among district parents and employees, one day after an apparently Russia-based hacking organization posted an array of stolen LAUSD data on the dark web. The posting came ahead of a previously announced Monday deadline the hacking group gave the district to pay an unspecified ransom it had demanded.
The early release of the data appeared to follow repeated assertions by Carvalho and the district that it had no intention of paying any type of ransom.
Speaking at a late afternoon news conference this afternoon, Carvalho said early media speculation about the contents of the hacked data was largely inaccurate -- most notably a report that psychiatric evaluations of students was posted online.
According to Carvalho, the information posted online from the Labor Day weekend hacking attack did not appear to contain any critical data involving current district employees.
As he stated previously, he confirmed that the hackers did appear to access the district's student information system, and obtained some limited information, such as students' names, attendance data and "some academic information." But Carvalho said that data appeared to be "archived" information dating back to 2013-16.
"We believe the vast majority of that data is not recent data," he said.
Carvalho credited the limited nature of the hacked material to the district's decision to immediately shut down the vast majority of its computer systems once staffers detected unusual activity on its servers over Labor Day weekend.
He said the move "basically stopped the intrusion."
"It was the equivalent of shutting the doors on this entity," Carvalho said.
The superintendent sought to reassure district parents and staffers about the limited nature of the information that was obtained by the hacking group, which identified itself online as the Vice Society.
"We understand that this is an issue of grave concern to our community," he said.
The district this morning opened a hotline for parents and staff to get information about the hacking attack. But the phone system was immediately overwhelmed with callers, some of whom waited up to an hour to get a response, and even then the available information was limited.
Carvalho said the hotline was being operated by a third-party contractor hired by the district, and he said the company was put on notice that it needed to dedicate more personnel to the line to improve its operation. Starting Tuesday, the hotline will operate from 8 a.m. to 8 p.m.
The hotline number is 855-926-1129.
During his news conference, Carvalho did not name the hacking organization involved in the data theft, although he confirmed it appeared to be based entirely within Russia. He noted that the group made use of computer servers in the Netherlands, Germany and Canada.
Today the tech news organization TechCrunch reported that it received an email from Vice Society, which accused the U.S. Cybersecurity and Infrastructure Security Agency of being "wrong" to advise the LAUSD not to pay the ransom. The organization claimed to have dumped 500 gigabytes of data, according to TechCrunch.
Carvalho stressed today that no negotiations occurred, either directly or indirectly.
He again expressed his insistence that the district would never waste education dollars on "subsidizing via extortion a criminal enterprise."
