Hackers Accessed Some LA Unified Employees’ Payroll Information: Officials
Hackers who breached the Los Angeles Unified School District’s (LAUSD) records last fall accessed payroll information for the district’s contractors and subcontractors—including names, addresses, and social security numbers, according to the district.
While the investigation is still ongoing, the district Jan. 9 “identified labor compliance documents, including certified payroll records, that contractors provided to L.A. Unified,” the district said in a data breach notice (pdf) sent to employees earlier this month.
Some of those files contained payroll information of contractors and subcontractors hired for some construction projects under the district’s facilities division, according to the notice.
It’s currently unclear whether hackers accessed information or payroll records related to LAUSD’s roughly 45,000 teachers and staff members.
A spokesperson for the district wasn’t immediately available for comment on the number of individuals whose information might be at risk.
The state requires entities to issue a data breach notice to potential victims. When the number of those affected surpasses 500 California residents, the entity must also submit the notice to the state attorney general’s office.
Attack Started Earlier Than Previously Reported
Though the district disclosed last year that the attack happened on Sept. 3, Saturday of the Labor Day weekend, the notice stated the hackers were active in the system since July 31. The district shut down its computer systems on Sept. 5 after flagging a data breach over the Labor Day weekend.
Weeks later, a ransomware group claimed responsibility for the hack and threatened to release the data unless they received a ransom from LAUSD.
When Superintendent Alberto Carvalho refused to pay the ransom, the group published the data leak online Oct. 1.
During a press conference two days later, Carvalho said an initial analysis of the published stolen data revealed no critical information involving current employees or students.
However, he said hackers obtained “limited information” including students’ names, attendance data, and “some academic information” from between 2013 and 2016.
The superintendent also said the total data stolen amounted to about 500 gigabytes—less than 0.5 percent of the district’s total digital records.
In the notice, the district added it has “implemented additional safeguards and technical security measures” to prevent such events in the future.
The LAUSD is also providing contractors and their employees a one-year free membership to Experian’s IdentityWorksSM, a service that helps detect misuse of their information, according to the notice.