Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Students’ mental health records leaked online following US school district hack

The fallout from the hacking of a Los Angeles Unified School District last September continues, as the threat actor behind the ransomware attack has been posting student details on the dark web.

user icon David Hollingworth
Thu, 02 Mar 2023
Students’ mental health records leaked online following US school district hack
expand image

The infamous hacking group Vice Society managed to exfiltrate 500GB of data during the attack and immediately began to extort the school district. But the district’s superintendent Alberto M. Carvalho refused to pay up.

No doubt incensed at the lack of a payout, Vice Society is now publishing the data, which includes student assessments, Social Security and driver’s licence numbers of students, and mental and medical records. This is despite Carvalho saying, at the time of the hack, that no personal information of students or staff was compromised.

Vice Society gave the district three days to comply with the ransom demand and started leaking data soon after the deadline expired. But, according to Bloomberg, the parents of the affected students are only just this week finding out that the data is being published.

============
============

There are even reports that the hackers are publishing photos of victims alongside their data, as well as taunting certain individuals with their leaked data.

“They are more than happy to make people’s lives difficult,” Michael Sikorski, chief technology officer and vice-president of engineering at Palo Alto Networks’ Unit 42, told Bloomberg.

“Schools are sitting ducks because they are already short-staffed, never mind patching software and updating its infrastructure in order to teach remotely.”

Vice Society is known for targeting organisations in the education and healthcare sectors and is believed to be Russia-based. The group has been in operation since 2021 and recently took responsibility for a ransomware attack against Fire Rescue Victoria (FRV).

FRV reported the attack late last year, after the hack forced the first responder to take some of its communications infrastructure offline. FRV was reduced to using employee mobile devices for some comms.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.