The Los Angeles Unified School District (LAUSD), which was hacked by the Vice Society ransomware group in 2022, has become the victim of cyberattacks again after the personal information of millions of students was put up for sale on a popular hacking forum.
Five databases containing confidential records of more than 26.4 million LAUSD students, faculty and staff have been put up for sale on the cyber fraud marketplace BreachForums. A seller named Satanic offered two samples for download, set the price at $5,000, and made his Telegram channel available to interested buyers. These files contain student demographics, meal plans, graduation status, coursework, and information about the school each student attends. LAUSD is the second largest public school district in the United States, serving more than 600,000 students.
Security experts warn that minors are especially vulnerable to fraud because their SSNs and other personal information can be used to open new accounts and build credit histories. In particular, Stuart Wells, CTO of identity verification company Jumio, points out that this can cause significant financial hardship for victims.
It is not known if the files were obtained in the recent breach or if they are part of the data stolen in the 2022 attack. Then LAUSD hacking group Vice Society released highly sensitive data, including student psychological evaluations. The Vice Society is known for its attacks on educational institutions and continued to attack other schools in the US and UK in 2023.
Security experts emphasize the importance of adopting comprehensive cybersecurity measures to protect data. For example, the US has developed a new $200 million CISA-supported cybersecurity pilot program to improve security in K-12 schools and libraries across the country.