Dive Brief:
- The Los Angeles Unified School District said a ransomware attack over Labor Day weekend took down many of its IT systems, including attendance tracking software, email, storage and other systems provided by Google Workspace. Schools opened as scheduled Tuesday despite the attack.
- The cyberattack on the nation’s second-largest school system is “likely criminal in nature,” and multiple federal authorities are assisting with response, the district said in a statement Tuesday. The White House is coordinating those efforts with the U.S. Department of Education, the FBI and the Cybersecurity and Infrastructure Security Agency.
- Students and employees were instructed to change passwords for their accounts, and the password resets must be completed at a school or administrative site. The district warned there may be delays due to high demand on its systems.
Dive Insight:
This is the second time LAUSD has been impacted by a major cyberattack within a year. In May, the California Department of Justice said a data breach tied to a cyberattack on ed tech provider Illuminate Education affected the district. That incident occurred in December and January, according to the state’s justice department.
Additionally, the FBI, Cybersecurity and Infrastructure Security Agency, and Multi-State Information Sharing and Analysis Center released a joint statement Tuesday warning that a hacker group called Vice Society has disproportionately targeted the education sector with ransomware attacks since the summer of 2021.
Schools and other academic institutions are commonly targeted by ransomware gangs. The financial and operational impacts of the attacks are often disproportionately greater compared to organizations in other industries.
Larger school districts are significantly more likely to report cyber incidents, according to a report released earlier this year by K12 Security Information Exchange, or K12 SIX, a nonprofit organization that aims to protect schools from cybersecurity threats.
This may be because larger districts use more devices compared to smaller school districts, the K12 SIX report said. There are also more users prone to making mistakes in bigger school districts, and they have more funds available in their budgets, the report added.
Other large districts, such as New York City Public Schools and Chicago Public Schools, have fallen victim to data breaches caused by cyberattacks on ed tech providers in 2022, as well.
LAUSD maintains the attack won’t prevent schools from providing instruction, transportation, food or after-school programs, but warns business operations may be delayed or modified. Critical business systems, including employee healthcare, payroll, safety and emergency mechanisms at schools were not impacted, according to the district.
“While the investigation continues, Los Angeles Unified has swiftly implemented a response protocol to mitigate districtwide disruptions, including access to email, computer systems and applications,” the district said.
Multiple teachers, parents and students took to social media to report problems accessing systems and lesson plans, the Los Angeles Times reported. The districtwide password reset requirement will likely cause further delays and confusion until access is broadly restored.
The district said state and federal agencies are assisting with its near- and long-term response. An independent task force is charged with developing recommendations within 90 days, and the district plans to further benefit from an advisory council and technology advisor that will assess IT operations and provide ongoing cybersecurity guidance.
The district also called for a “full scale reorganization of departments and systems to build coherence and bolster district data safeguards.”
The Los Angeles Unified School District serves more than 600,000 students at more than 1,000 schools spread across 720 square miles. It is the second-largest employer in Los Angeles County with more than 75,000 employees.