Select Page

The breach of LA Unified School District (LAUSD) highlights the prevalence of password vulnerabilities, as criminal hackers continue to use breached credentials in increasingly frequent ransomware attacks on education.

The Labour Day weekend breach of LAUSD brought significant districtwide disruptions to access to email, computers, and applications. It’s unclear what student or employee data the attackers exfiltrated.

There is a significant trend in ransomware breaches in education, a highly vulnerable sector. The transitory nature of students leaves accounts and passwords vulnerable. The open environments schools create to foster student exploration and the relative naivete in the sector regarding cybersecurity invite attacks.

The breach at LAUSD and what happened afterward

Four days post-breach, reports came that criminals had offered credentials for accounts inside the school district’s network for sale on the dark web months before the attack. The stolen credentials included email addresses with the suffix as the usernames and breached passwords.

LAUSD responded in its update that “compromised email credentials reportedly found on nefarious websites were unrelated to this attack, as attested by federal investigative agencies.” The LAUSD breach report confirmed the FBI and CISA as investigators.

images from Hacker News