Mark Keierleber’s article on The 74, noted on this blog yesterday and discussed by some of us on infosec.exchange, has apparently resulted in the district making some small admissions. Howard Blume reports:
The Los Angeles Unified School District disclosed Wednesday that “approximately 2,000 student assessment records” were posted on the dark web as a result of a recent cyberattack, including those for 60 who are currently enrolled.
[…]
The district did not directly address how many affected students or their families had been notified of the breach.
[…]
“Some of these records go back almost three decades which creates further time-consuming analysis,” the statement said. “Our review has also revealed positive COVID-19 test results were part of the breach. Further analysis is ongoing.”
Read more at the L.A. Times.
What were decades-old records doing even being connected online anymore? Why weren’t they offline, or even encrypted at rest?
And what does the district consider “assessment records?” What if they were just reports by doctors in the students’ files?
This incident continues to be a mess, and unfortunately, it is not atypical for the education sector. Brett Callow makes some interesting points in his comments to the L.A. Times reporter.