Just when we thought the painful trend of ransomware attacks on public schools might be waning, news arrived of a massive incident. Over Labor Day weekend, the country’s largest school district, Los Angeles Unified, experienced a ransomware attack. The district serves 600,000 students and described “significant disruptions affecting access to email, computer systems, and applications.”
There was good news, though. The district appeared to catch the attack early, shut its systems down and avoided more serious problems. A lot of the time these attacks result in the loss of social security numbers and all kinds of other data, amounting to a serious violation of children’s privacy. For such a large district, this could have been catastrophic. LAUSD’s impressive response likely resulted from some smart preparation.
LAUSD was unfortunately not the only school to be victimized this year, and in other cases, some of the consequences appear to have been more severe. Staff at Cedar Rapids, Iowa schools saw their personal information stolen this summer, including Social Security numbers, driver’s license numbers, bank account numbers, and even medical history information.
The district is offering a free year’s worth of crediting monitoring services to affected employees. Another incident in Iowa involved an extortion threat from attackers calling themselves Vice Society, saying they would upload stolen files if a ransom wasn’t paid – a common tactic of cyber criminals. It remains unknown whether the two incidents might be related.
Elsewhere, a school district in Texas was forced to hold classes without access to the internet, following a ransomware attack. This included closing the campus to visitors because the screening system couldn’t be accessed.