LOS ANGELES (KABC) — Hackers who broke into the Los Angeles Unified School District’s systems last month did not obtain large amounts of the most sensitive student and staff data, such as social security numbers, the district chief said Monday.
Superintendent Alberto M. Carvalho held a press conference to dispel rumors that the hackers had obtained highly sensitive information, such as social security numbers or psychiatric records, and published it on the dark web.
“Based on what we know today, we can confirm that the release was indeed more limited than we originally anticipated,” said Carvalho.
He acknowledged that some “outliers” or isolated cases of sensitive data may be released. Some independent contractors working for the district may also have released some information such as: B. A small number of W-9 tax forms submitted in connection with applying for contracts.
Other data obtained was student attendance and academic data from 2013-16, he said.
Full press conference by LAUSD Superintendent Alberto Carvalho on October 3, 2022
He also acknowledged that there is no guarantee that they have not received more sensitive information that they have not yet made public. But he said based on the group’s previous pattern, experts say the most sensitive information has since been released.
“Our concerns have de-escalated rather than increased,” he said. “That’s good news.”
The district is reaching out to those who may be affected and is asking parents and students not to call just to find out if their own personal information has been released.
“No news is actually good news,” he said.
According to Carvalho, experts have analyzed server data and the group’s patterns and believe they are likely operating somewhere in Russia.
A key element that limited the scope of the attack, he said, was that district employees were able to detect the intrusion as it happened and shut down systems. With similar attacks on other entities, the breach is often not recognized until it is complete.
County officials estimate the hackers obtained about 500 megabytes of information — or the amount that could be stored on a single PC. In comparison, the district’s systems manage thousands of times more information.
The cyberattack was discovered over Labor Day weekend by county officials who shut down the systems.
A criminal hacking group later came forward and demanded a ransom payment or said the data would be published on the dark web.
The district made it clear that it would not pay or negotiate a ransom, and reports from cybersecurity experts suggested information was released on the dark web this weekend. But the volume and sensitivity were far lower than feared.
A hotline has been set up for anyone in the school community with questions about the attack.
The number is (855) 926-1129. Hours of operation are 6:00 a.m. to 3:30 p.m. Monday through Friday, excluding major US holidays.
Copyright © 2022 KABC Television, LLC. All rights reserved.
https://abc7.com/lausd-hack-superintendent-alberto-carvalho-cyberattack/12292279/ LAUSD Superintendent Alberto Carvalho says hackers failed to obtain highly sensitive student and staff data