“There’s no upside to ever paying a ransom,” said Turgal, “More likely than not, even if LAUSD would have paid the ransom, still would have disclosed the information” on their leak site.Ĭarvalho made it clear in several statements the district had no intentions of paying up, possibly prompting the criminals to publish the stolen data earlier than planned. Related: LA schools and the mystery of the missing ransom note.Turgal, now the vice president of cyber risk and strategy at Optiv Security, praised the district’s decision to withhold payment. James Turgal, a former executive assistant director for the FBI Information and Technology Branch, said it’s particularly important for officials to protect the sensitive data of children, who may “find out they own a condo in Bora Bora under their name 15 years from now” because their information was exploited. Children’s social security numbers are particularly valuable to identity thieves because they can be used for years without raising alarm. Breached records include contracts, financial information and personally identifiable data, Carvalho said.Ĭybersecurity experts have warned that the release of district data could come with significant risks for current and former students. On Monday, he said that information from private-sector contractors, particularly those in construction, appeared most impacted.
#Cyber cyndicate records full
The full scope of the information released is unclear, yet after reviewing about two-thirds of the data, Carvalho said that “so far, based on what we’ve seen, critical health information or social security numbers for students,” is not included.Ĭarvalho confirmed in a tweet on Sunday that LAUSD’s data had been published on the dark web, but did not verify the type of data that was leaked. Roughly 500 gigabytes of district data was made public on Sunday by the Russian-speaking ransomware gang, which took credit for stealing the district records in a massive data breach last month. “That is the extent of the student information data that we have seen.” The “vast majority” of exposed student data, including names, academic information and personal addresses, was from a period between 20. “We have seen no evidence that psychiatric evaluation information or health records, based on what we’ve seen thus far, has been made available publicly,” said Carvalho, who acknowledged the hackers had “touched” the district’s massive student information system. That reporting, Carvalho said, is “absolutely incorrect.” An initial news report on the data dump said that student psychiatric evaluation records had been published online, citing a confidential law enforcement source.
Yet in a press conference Monday, Superintendent Alberto Carvalho sought to downplay the damage done, particularly as it relates to records about children.
The data was posted to the gang’s dark-web “leak site,” after education leaders refused to pay - and at first even acknowledge - a ransom. The Vice Society ransomware gang reportedly published over the weekend a trove of sensitive student records from the Los Angeles school district. The ransomware gang Vice Society posted student data to its dark-web “leak site” after LAUSD leaders refused to pay a ransom.
0 kommentar(er)
