DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Trove of L.A. Students’ Mental Health Records Posted to Dark Web After Cyber Hack

Posted on February 22, 2023 by Dissent

Mark Keierleber reports:

Detailed and highly sensitive mental health records of hundreds — and likely thousands — of former Los Angeles students were published online after the city’s school district fell victim to a massive ransomware attack last year, an investigation by The 74 has revealed.

The student psychological evaluations, published to a “dark web” leak site by the Russian-speaking ransomware gang Vice Society, offer a startling degree of personally identifiable information about students who received special education services, including their detailed medical histories, academic performance and disciplinary records.

But people are likely unaware their sensitive information is readily available online because the Los Angeles Unified School District hasn’t alerted them, a district spokesperson confirmed, and leaders haven’t acknowledged the trove of records even exists. In contrast, the district publicly acknowledged last month that the sensitive information of district contractors had been leaked.

Read more at The 74.

Mark is singing my tune about the failure to inform people that their sensitive personal information has been leaked or dumped publicly by criminals. There is no requirement under FERPA for schools to notify students or their parents of this, and there should be.

There needs to be regulations or laws requiring entities from all sectors to notify individuals directly, and when that is not possible or feasible, to use media press releases and substitute notices to alert people when a data breach has resulted in the public leak or dumping of sensitive personal information.

Vice Society is not the only ransomware group that has dumped sensitive student data. If colleges find sensitive reports, will it impact students’ chances of getting into college? Will it impact their chances of getting jobs? And how can they take steps to protect their records and reputation if the entity responsible for securing their information does not even tell them that their data have been leaked?

Category: Commentaries and AnalysesEducation SectorHealth DataMalwareOf NoteU.S.

Post navigation

← National Credit Union Administration Finalizes 72-Hour Cyber Incident Reporting Rule
Digital Healthcare Platform Ordered to Pay Civil Penalties and Take Corrective Action for Unauthorized Disclosure of Personal Health Information →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach
  • ‘Deep concern’ for domestic abuse survivors as cybercriminals expected to publish confidential abuse survivors’ addresses
  • Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.