The Los Angeles Unified School District is now admitting that the scope of its 2022 data leak due to a cyberattack was far worse than initially reported, compromising about 2,000 student assessment records as well as positive COVID test results, driver’s license numbers and Social Security numbers.
The disturbing new information was provided to the Los Angeles Daily News by Jack Kelanic, senior administrator of IT infrastructure for LAUSD, after the nonprofit newsroom The 74 published a report this week revealing that hundreds of former students’ psychological evaluations had been published on the dark web.
The leaked student psychological evaluations contain intimate details about students’ medications, diagnoses, incidents of sexual abuse, home lives, past traumas and behavioral challenges.
“This is some of the most sensitive information you could possibly have about someone that could embarrass them for the rest of their lives,” said Ariel Harman-Holmes, LAUSD parent and vice chair of the Community Advisory Committee for Special Education. “It’s extremely troubling.”
The evaluations were part of the data released by the Russian criminal syndicate Vice Society, who attempted to get a ransom from the school district for the 500 gigabytes of data they stole in a September 2022 cyber attack. When the district refused to negotiate with them the syndicate published thousands of files on the dark web on Oct. 1, 2022.
Initially, LAUSD Superintendent Carvalho painted a somewhat sunny picture of the damage, saying there was “no evidence of widespread impact, as far as truly sensitive confidential information.” He said that in early October after the district reported that it had analyzed two-thirds of the leaked data.
At the time, Carvalho was adamant that no psychological evaluations were included in the data leak.
But now, after the publication of The 74’s investigation, the district has changed its tune.
“The aftermath of a cyberattack is a…
Read the full article here
