The data taken from the school system was made public over the weekend by Vice Society, a Russian-speaking organisation claiming responsibility for the ransomware attack that prevented the LAUSD from accessing email, computer systems, and applications, reports TechCrunch.
The group had previously set an October 4 deadline to pay an unspecified ransom demand.
The stolen data was posted to Vice Society’s dark web leak site and appears to contain personal identifying information, including passport details, Social Security numbers and tax forms.
As per the report, the published data also contains confidential information, including contract and legal documents, financial reports containing bank account details, health information, including Covid-19 test data, previous conviction reports, and psychological assessments of students.
Vice Society, a group known for targeting schools and the education sector, included a message with the published data that said the US Cybersecurity and Infrastructure Security Agency (CISA), the government agency assisting the school in responding to the breach, “wasted our time”.
In an email, Vice Society told TechCrunch that CISA allegedly stalled the release of data and that CISA was “wrong” to advise LAUSD not to pay the ransom demand.