LOS ANGELES (CNS) - Days after data hacked from the Los Angeles Unified School District was posted on the dark web, Superintendent Alberto Carvalho stood firm Monday on his refusal to pay ransom demanded by an international hacking syndicate, while the district opened a hotline for parents and staffers concerned about their personal information.
"I understand there will be many opinions on this matter but, simply said, negotiating with cybercriminals attempting to extort education dollars from our kids, teachers and staff will never be a justifiable option," Carvalho wrote on his Twitter page Monday morning. "LAUSD refuses to pay ransom."
The hacking syndicate known as Vice Society sent a ransom demand to the district last week -- a demand Carvalho quickly dismissed as "absurd" and "insulting." On Friday, the organization set a Monday deadline for the LAUSD to pay the unspecified ransom, threatening to release hacked data online absent payment.
But the syndicate over the weekend released some data anyway on the dark web. Authorities were still working to determine the extent of the information that was released.
"Unfortunately, as expected, data was recently released by a criminal organization," district officials said in a statement following the posting of information. "In partnership with law enforcement, our experts are analyzing the full extent of this data release."
The Los Angeles Times reported it had reviewed screenshots of the released data, which appeared to show some Social Security numbers. On Monday, the online technical news organization WebCrunch reported that the data released also appeared to contain information such as tax forms, passport details, contracts, legal documents, financial reports that include banking information, health and psychological assessments of students, including COVID- 19 test data, and "previous conviction reports."
According to TechCrunch, it received an email from Vice Society, which accused the U.S. Cybersecurity and Infrastructure Security Agency of being "wrong" to advise the LAUSD not to pay the ransom. The organization claimed to have dumped 500 gigabytes of data, according to TechCrunch.
It was unclear if additional data would be released following Monday's formal ransom deadline.
The LAUSD on Monday morning opened a hotline "to assist those from our school communities who may have questions or need additional support," according to the district. The hotline number, which will operate Monday through Friday from 6 a.m. to 3:30 p.m., is 855-926-1129. KNX Newsradio reported that the hotline quickly began experiencing long wait times for callers.
On Friday, in a dark web post detected and reprinted by Brett Callow of the cybersecurity firm Emsisoft, the hacking syndicate Vice Society listed the LAUSD as one of "our partners," and stated, "The papers will be published by London time on October 4, 2022 at 12:00 a.m."
The post did not give any indication about what information had been obtained or what would be published.
The district issued a statement Friday afternoon acknowledging the threatened information dump, and indicated it is "diligently working with investigators and law enforcement to determine what information was impacted and to whom it belongs."
Following the weekend release of information, Carvalho re-tweeted the statement, adding the following brief message: "Thank you to our students, families and employees for doing their part in the ongoing recovery from this cyberattack."
After discovering the Labor Day weekend hack, LAUSD officials took the extraordinary step of shutting down most of its computer systems while they worked to assess the full extent of the cyber intrusion. Systems were then slowly brought back online.
Carvalho said earlier the hackers appeared to have planted a series of digital "tripwires" that could have disabled more systems, so the district was being cautious about bringing computers back online.
No classes or other district operations have been impacted by the cyberattack, officials said. Students and staff, however, have been forced to reset their district passwords -- a monumental task for the nation's second- largest school district.
District officials said earlier that the attack temporarily interfered with the LAUSD website and email system. But officials said employee health care and payroll were not affected, nor did the hack impact safety and emergency mechanisms in place at schools.
Carvalho said previously officials did not believe any highly sensitive information was accessed.
"This entity did touch our MiSiS (My Integrated Student Information) System, which contains student information," Carvalho said. "To the best of our knowledge at this point ... we believe that some of the data that was accessed may have some students' names, may have some degree of attendance data, but more than likely lacks personally identifiable information or very sensitive health information or Social Security number information."
He said there was initially no sign that any sensitive employee information was accessed.
"This is the sad but new reality we are facing," Carvalho told reporters. "We are on one hand attempting to understand how the breach took place -- was it human error, meaning someone unknowingly responded to a phishing email that allowed unauthorized access, or was it a systemic failure on the part of a third-party entity that is connected to our system that opened the door?"
In its Friday statement, district officials said, "To our school community and partners, we will update you when we have relevant information and notify you if you personal information is impacted, as appropriate. We also expect to provide credit monitoring services, as appropriate, to impacted individuals.
"... Los Angeles Unified remains firm that dollars must be used to fund students and education. Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate. We continue to make progress toward full operational stability for several core information technology services."
Following the hack, the district contacted federal officials, prompting the White House to mobilize a response from the U.S. Department of Education, the FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, according to the LAUSD.