Hackers leak 500GB trove of data stolen during LAUSD ransomware attack

Hackers have released a cache of data stolen during a cyberattack against the Los Angeles Unified School District (LAUSD) in what appears to be the biggest education breach in recent years.

Vice Society, a Russian-speaking group that last month claimed responsibility for the ransomware attack that disrupted the LAUSD’s access to email, computer systems and applications, published over the weekend the data stolen from the school district. The group had previously set an October 4 deadline to pay an unspecified ransom demand.

The stolen data was posted to Vice Society’s dark web leak site and appears to contain personal identifying information, including passport details, Social Security numbers and tax forms. While TechCrunch has not yet reviewed the full trove, the published data also contains confidential information including contract and legal documents, financial reports containing bank account details, health information including COVID-19 test data, previous conviction reports and psychological assessments of students.

Vice Society, a group known for targeting schools and the education sector, included a message with the published data that said the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the government agency assisting the school in responding to the breach, “wasted our time.”

In an email, Vice Society told TechCrunch that CISA allegedly stalled the release of data and that CISA was “wrong” to advise LAUSD not to pay the ransom demand. (CISA and the FBI have long discouraged victims from paying the ransom as to not “embolden adversaries to target additional organizations.”) “We always delete documents and help to restore network [sic], we don’t talk about companies that paid us,” the cybercriminals said. “Now LAUSD has lost 500GB of files.”

CISA did not immediately respond to a request for comment.

LAUSD superintendent Alberto M. Carvalho confirmed the release of stolen data in a statement posted to Twitter on Sunday, along with announcing a new hotline starting Monday morning — (855) 926-1129 — for concerned parents and students to ask questions about the cyberattack.

Just hours before the public release of the stolen data, LAUSD posted…