Personal data of 26M LAUSD students put up for sale on hacker forum


The Los Angeles Unified School District (LAUSD) – hacked by the Vice Society ransomware group in 2022 – is suffering at the hands of cybercriminals once again after millions of students’ personal information was found up for grabs on a popular hacker forum.

At least five databases filled with the sensitive records of more than 26.4 million LAUSD students, teachers, and staff members were posted for sale Thursday on the notorious cybercriminal marketplace BreachForums.

The seller – a BreachForums user named Satanic – provided two sample links for download, a $5,000 price tag, and their Telegram channel for interested buyers.

Several master files appear to contain the most student data, which is said to include demographics (ethnicity, race, gender), meal plans, graduation status, coursework, and which school each student attends out of 1000 in the district.

Data containing 26.4 million student records is allegedly listed for sale by a BreachForums user. Image by Cybernews.

According to the US Department of Education, LAUSD is the second-largest public school district in the US, behind the New York City public school system. The district serves more than 600,000 students in grades K-12 and employs close to 75,000 teachers and staff.

Stuart Wells, CTO at identity verification solutions firm Jumio, explained that minors are a population particularly vulnerable to fraud.

“Scammers can use their SSNs and other personal details to open new accounts, build credit histories, and rack up debt before the minor, or their guardian, is even aware of the issue,” he said.

Wells also points out that “by the time the fraudulent activity is discovered, it can be a complex and lengthy process to resolve, causing significant financial hardship for the victim.”

“After all, how often does a minor check their credit score?” Wells said, adding that the breach is a “stark reminder of the significant vulnerabilities among infrastructures carrying critical data.”

Already leaked data?

Besides the contents of the files, it is also unclear whether they are from a recent breach or are a recycled cache of sensitive data stolen from the district in a crippling ransomware attack that happened in September 2022.

That attack knocked out access to LAUSD email, computer systems, and applications, leaving teachers unable to access lesson plans or mark attendance.

The 2022 LAUSD breach was claimed a month later by the Vice Society ransomware group, a Russian-speaking gang known for their attacks on the education sector.

The ransom cartel announced the conquest on its dark victim blog, along with a leak of the data it had stolen in the attack.

At the time, a law enforcement source told local news outlets that the stolen documents included extremely sensitive data, such as psychological assessments of students.

Vice Society said it published the data due to interference by the US Cybersecurity and Infrastructure Security Agency (CISA), rumored to have blocked the school from paying any kind of ransom demand.

In 2023, the gang went on to breach Lewis and Clark College in Oregon, Guildford County School in the UK, Canada’s Okanagan College, Monmouth College in Illinois, and Mount St. Mary's College in New York.

Treasure trove of data

Security experts say that because educational institutions keep a wealth of private data, and because of the potential legal and financial ramifications of that data being exposed, school districts have been known to pay hackers’ ransom demands quickly, making school systems a prime target for ransomware groups over the years.

“Additionally, many schools operate with limited IT budgets and staff, leading to outdated software and insufficient cybersecurity defenses,” said Paul Prudhomme, Principal Security Analyst at SecurityScorecard.

This “underscores a growing and urgent issue facing educational organizations nationwide… particularly vulnerable due to the vast amount of personal data of students and staff they store,” Prudhomme said.

To help better defend against ransomware attacks, the US government this week adopted a new CISA-backed $200 million cybersecurity pilot program to improve security at K-12 schools and libraries across the nation.

Prudhomme stressed the importance of educational institutions adopting comprehensive cybersecurity measures. “Keeping software up to date is crucial, as unpatched software is a common entry point for threat actors,” he said.

The security analyst also suggests “regular cybersecurity training for all members of the school community” as well as “developing and testing incident response plans,” which he said can help to improve overall awareness and vigilance against phishing attacks.

Wells further mentioned the need to implement modern verification technologies, such as biometric identity methods, to strengthen the protection of sensitive user data.

"Illegitimate users and hackers are stopped before they can do more harm as they need more than a set of credentials to log in," Wells said.
