by data release Stolen from Los Angeles Unified School on the dark web, hackers have made a bad situation worse for some parents, students, employees, and contractors in Los Angeles.
However, there are measures you can take to protect yourself from identity theft and other types of exploitation. And it makes sense to do it even though Los Angeles Unified Supt. Alberto Carvalho He said on Monday that a small amount of sensitive personal information was released.
“Although there is a lot of information out there, very little of it is either extremely important or classified,” he said.
The investigation is ongoing, and about a third of the material released has not been vetted by the LAUSD. This leaves people who have interacted with the area guessing if they were victims, and if they were, what types of statements were released. Carvalho also said that the region does not yet know, and may never know how hackers – A group that calls itself the deputy of society and has claimed credit – Slithered into parts of the LAUSD network and disabled it.
According to the directorate, the attack caused most of the damage to the area’s utility services department, which oversees maintenance and construction. Another major system affected, Carvalho said, is the system that maintains data about students and their classes, particularly the system that archived data from 2013 to 2016. By shutting down the rest of the network soon after the intrusion was discovered, Carvalho said, the district was able to limit hackers’ access.
The supervisor said the hackers extracted 500 gigabytes of data from the area, or enough to fill it Over 100 standard DVDs. That’s a fraction of the 16 million gigabytes that data district administrators say their system stores.
Take Crunch On Monday, it said the underlying data “appears to contain personally identifiable information, including passport details, Social Security numbers, and tax forms,” as well as “contracts, legal documents, and financial reports containing bank account details and health information including COVID test data.” -19 and previous conviction reports and psychological assessments of students.”
Carvalho responded during an afternoon news conference, saying the district had not seen any evidence of psychiatric assessments or health records in the released statements.
If you are a student, parent, employee, or contractor with LAUSD, here are the steps you should take now to assess risk and protect yourself.
under State LawSchool districts have been prohibited from collecting students’ Social Security numbers since 2017, except as required by law (for example, when the student is a paid employee). So for many kids, this should be less than what to worry about.
Carvalho said the archived records contain Social Security numbers for some of the students, along with names and addresses. But Carvalho said there was no evidence at this point that Social Security numbers or sensitive health information had been released. Instead, he said, it’s students’ names, attendance data, some academic information, and some addresses that might be associated with students who live there.
Carvalho said there was no evidence of disclosure of confidential information to current employees, including Social Security numbers and payroll information. Instead, he said, personal information was disclosed to a limited number of workers who work for maintenance or construction contractors. This included some W-9 tax forms, documents that contractors typically file and that contain either a Social Security number or a taxpayer identification number.
Identity thieves care about more than your Social Security number. The more personal data they can collect, the more they can impersonate you when dealing with your bank, service providers, and your contacts. The data can also help them perform more effective phishing attacks against other networks by helping them impersonate trusted connections more credibly, said Brett Kalou, threat analyst at security firm Emsisoft.
Take proactive steps to protect against identity theft
Again, it is not clear at this point who exactly was affected. But it wouldn’t hurt to make yourself less vulnerable now.
Check to see if your email credentials were stolen in a data breach by visiting HaveIBeenPwned.com. If so, change your password immediately.
Check your credit score regularly, which is a good way to spot fraud after it has happened. For example, someone usually opens a credit card account in your name Lower your credit score. Outline of the Consumer Financial Protection Bureau Several ways to check your scoreEither for free or for a fee.
For more protection, freeze your credit files, This will prevent anyone from opening a new account. You can place the freeze for free and raise it according to your own needs. But you have to contact each of the Three major credit reporting companies individually, which you can do online. Cyber security journalist Brian Krebs also suggests freezing credit files held by a few smaller people, specialized agenciesSuch as ChexSystems And the trust factor.
Or sign up for Credit and Identity Monitoring Service, which usually incurs a monthly fee. These outlets provide tools to protect you from phishing and other forms of hacking, along with scanning services that look up your Social Security number or email address in places you don’t belong online.
Carvalho said the district will provide a free credit monitoring service to anyone whose personal information is released by hackers.
Call the hotline set up by LAUSD
The hot line number – (855) 926-1129 – Only reply from 6am to 3:30pm on weekdays, only limited amount of information is provided. For example, operators are not yet able to answer questions about who was affected and what data was compromised, saying that these matters are still being investigated. “We are still working hard with law enforcement to find out what information has been taken and who it belongs to,” one of the operators told The Times.
What the hotline can do at this point is recommend a number of steps that people can take to protect themselves from online identity thieves. This includes not clicking on any emails or texts from unknown senders and creating a unique password for each account you have online. To help remember all these passwords, Think about a password manager app Like LastPass or Dashlane.
According to the hotline operator, the district will provide more information once it knows what data was stolen, and will contact the affected individuals. How long it would take to do this, however, is unknown.
Understand what you are facing
Many parents wonder why intruders attack a school district. Security experts say the answer is because they are opportunists, so they will attack anything that appears vulnerable.
Vias Sekar, a professor of electrical and computer engineering at Carnegie Mellon University, said hackers are constantly scanning the Internet for vulnerabilities, as well as sending out spam emails with phishing attempts. They will also buy hacked credentials for targets they find attractive, Kalou said.
The attack on Los Angeles included two attempts to blackmail the region. The hackers encrypted some data on the network to make it inaccessible, then offered to provide the decryption key for an undisclosed amount of money. They also threatened to sell the data they copied unless the region paid the ransom.
The region did not reveal how the attack was carried out. The Federal Cybersecurity and Infrastructure Security Agency, which Issue a warning About the Vice Society shortly after the hack was discovered, it said that it typically gained access to networks in one of two ways: by exploiting a vulnerability in a segment accessible to the public, or by obtaining a valid login and password through deception.
“Schools are in a very difficult situation,” Kalou said. “People want them to spend money on children’s education, put millions of dollars into additional IT security measures, and IT staff may not be the most politically popular decision, until something like this happens.”
This is a widely shared problem, Secar said. “For most of these organizations, security is a cost center. It’s a budget item with no immediate benefit. … you crash and burn, and only then do you feel, ‘Oh, I should have had a fire department.’”
Sekar said there are two primary things schools can do to protect themselves, encrypt all sensitive documents they store and have a backup plan for them when they are hacked. He said that backing up data and platforms will at least ensure that the system cannot be shut down in a ransom attack.
Times Team Writer Howard Bloom Contribute to this report.
About the Times Utility Press Team
This article is from the Times’ companion press team. Our mission is to be essential to the lives of Southern Californians by disseminating information that Solves problems, answers questions, and helps make decisions. We serve audiences in and around Los Angeles – including current subscribers to the Times and diverse communities whose needs have not historically been met through our coverage.
How can we be beneficial to you and your community? Email Tool (at) latimes.com or one of our journalists: Matt BallingerAnd the John HealyAnd the Ada TsingAnd the Jessica Roy And the Karen Garcia.
Tech3 months ago
Fashion3 months ago
Tech4 months ago
Tech4 months ago