The Los Angeles Unified School District (LAUSD) was hacked in early September, prompting a near-total shutdown of school network systems during the week following Labor Day while law enforcement and the district worked to recover and clear systems of possible backdoors and tripwires, of which many were found. The nation’s second-largest school district is one of over two dozen US school districts to be attacked this year, and as you can imagine, the hackers are counting on the threat of releasing student data to put enough pressure on administrators to pay the ransom. While at least 2 of the attacked school districts have indeed capitulated to ransom demands, the LAUSD did not, and the hackers made good on their promise to release the data, which happened this past weekend.
What this means for you
According to a recent report from LAUSD officials, the 500 GB of leaked data contained a fairly limited amount of truly sensitive data. There were concerns that very sensitive information, such as student psychological evaluations, might be part of the stolen data, but apparently it was not. Regardless of the data contents, or how quickly they were able to restore service, this isn’t a good look for the LAUSD, especially since so many parents entrust their child’s safety and privacy to the district. Nor would it be a good look for any company, big or small, even if they were able to ignore hacker demands and rely on data backups to bring operations back online. If any confidential customer data was leaked, depending on the type and number of records, the hacked organization might be legally obligated to notify those customers. If that company relied on insurance claims to help recover from a cyberattack, they will most certainly be scrutinized by their insurance company, as well as a third-party audit firm, and again, possibly by law enforcement if the affected database is large enough or contains certain protected information. Being able to recover from an attack is an absolute necessity you should be planning for, but preventing the attacks should be an even higher priority, don’t you think? On top of having multiple layers of technical protection around your email services, office networks and remote worker computers, everyone should be trained to protect themselves by learning how to spot potential phishing and social engineering attacks, and this requires systematic training, testing and tracking.
Image by Pete Linforth from Pixabay