In September, we reported about a Ransomware attack that hit the Los Angeles Unified School District which forced a shutdown of the district’s computer systems and left officials on high alert. About a month later, the cybercriminals behind the attack have begun to release personal data of students and staff members who were victimized in the breach.

“Unfortunately, as expected, data was recently released by a criminal organization,” LAUSD Superintendent Alberto Carvalho posted in a tweet.

The group behind the attack, Vice Society, started to release the stolen data on Monday after LAUSD refused to pay the ransom’s demand. The gang posted a 500GB archive that contains Social Security numbers, passport details, and tax forms. However, in the hours since, Vice Society’s web pages have gone down.

The ransomware gang claims that the US Cybersecurity and Infrastructure Security Agency (CISA) “wasted our time,” which likely means that CISA “successfully stalled the release of the data,” according to Brett Callow, a threat analyst at Emsisoft.

Whatever the scenario, Vice Society says it will now “waste CISA[‘s] reputation,” according to a post on its dark web site before it went down.

The number of students and staff members victimized by the data leak is not known for sure. LAUSD is still working with law enforcement to analyze the full extent of the data release before victims are notified. What is clear is that it can have a devastating impact on the privacy of numerous students. LAUSD is the second largest school district in the US and serves over 640,000 children across over 1,000 schools.

Law enforcement told NBCLosAngeles that some of the files that were made public by the attackers included “confidential psychological assessments of students,” along with contract and legal documents.

LAUSD is using their breach as an opportunity to warn school districts across the country they need to be on guard against ransomware.

“Los Angeles Unified remains firm that dollars must be used to fund students and education. Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate,” the district said in a statement.

Story via PC Magazine