Southern California

Hackers Accessed Some LA Unified Employees’ Payroll Information: Officials

Save
Hackers Accessed Some LA Unified Employees’ Payroll Information: Officials
A school administrator confirms student health check data on a laptop computer as students and parents wait in line to enter school at Grant Elementary School in Los Angeles on Aug. 16, 2021. (Robyn Beck/AFP via Getty Images)
Micaela Ricaforte
1/23/2023
Updated:
1/25/2023
0:00

Hackers who breached the Los Angeles Unified School District’s (LAUSD) records last fall accessed payroll information for the district’s contractors and subcontractors—including names, addresses, and Social Security numbers—according to the district.

While the investigation is continuing, the district on Jan. 9 “identified labor compliance documents, including certified payroll records that contractors provided to L.A. Unified” that were stolen, it stated in a data breach notice sent to employees this month.

The undated LAUSD notice (pdf) was released by the state Attorney General’s Office. California requires entities to issue a letter of notice to potential victims in such incidents. When the number of those affected surpasses 500 California residents, the entity must also submit the letter to the Attorney General.

Some of the breached files contained the payroll information of contractors and subcontractors hired for construction projects under the district’s facilities division, according to the notice.

A spokesperson for the district wasn’t available by press time for comment on the number of individuals whose information might be at risk.

Attack Began Earlier Than Previously Reported

While the district disclosed last year that the attack began on Sept. 3, 2022, the notice stated that hackers had been active in the system since July 31, 2022. The district temporarily shut down its computer systems on Sept. 5, 2022, after learning of the Labor Day weekend breach.

Weeks later, a ransomware group claimed responsibility for the hack and threatened to release the data unless they received a ransom from LAUSD.

When LAUSD Superintendent Alberto Carvalho refused, the group published the data online on Oct. 1, 2022.
During a press conference two days later, he said an initial analysis of the published stolen data revealed no critical information involving current employees or students. However, he acknowledged that the hackers had obtained “limited information,” including students’ names, attendance data, and “some academic information” from 2013 to 2016.

The superintendent also said the data stolen amounted to about 500 gigabytes—less than 0.5 percent of the district’s total digital records.

In the notice, the district noted that it has “implemented additional safeguards and technical security measures” to prevent such events in the future.

The LAUSD is also providing contractors and their employees a one-year free membership to Experian’s IdentityWorksSM, a service that helps detect misuse of their information, according to the notice.