Los Angeles Unified School District confirms SSNs leaked in September ransomware attack

The Los Angeles Unified School District (LAUSD) sent out breach notification letters to an unknown number of contractors in recent days notifying them that sensitive information – including Social Security numbers – was leaked during a wide-ranging cyberattack last year

The school district said an investigation revealed that from July 31 until September 3 hackers had access to LAUSD servers containing contractor information provided to the district. 

Those affected include current and former contractors and subcontractors who had provided the district with personal information in connection with Facilities Services Division projects.

“Our review of the files that were accessed and acquired by the unauthorized actor is still ongoing. However, on January 9, 2023, we identified labor compliance documents, including certified payroll records,” officials said

“Those files contained the names, addresses and Social Security numbers of contractor and subcontractor employees and other affiliated individuals.”

The ransomware attack on LAUSD drew national headlines and widespread attention from the White House, FBI and Cybersecurity and Infrastructure Security Agency after it was revealed on the morning of September 6 – right as the school year was beginning. 

In October, LAUSD superintendent Alberto Carvalho confirmed that the hackers – who used the Vice Society ransomware – leaked sensitive data from students after the district refused to pay what it called an “insulting” ransom demand.

LAUSD is the second-largest school district in the country and last year served an estimated 574,570 students across early education, elementary, secondary, and adult education classes, according to the district’s data. It operates more than 1,400 schools and educational centers, while employing more than 73,000 people. 

The hackers claimed they stole 500 GB of data, sharing several samples of W-9 forms and contracts from the leak. Researchers said the data included SSNs, contracts, invoices, passports and more.

Carvalho at first denied that sensitive employee information was stolen, and the district later claimed employee healthcare and payroll details were not involved in the attack. CISA’s Executive Assistant Director for Cybersecurity Eric Goldstein said the agency worked with LAUSD alongside the FBI, Department of Education and local law enforcement to respond to the attack. 


LAUSD is offering a free one-year membership for Experian IdentityWorks – a service that helps detect possible misuse of personal information.

The school district said it is still investigating the incident to understand the full scope of the fallout when it comes to the data of students, faculty and parents.

Since the attack on LAUSD, hackers using the Vice Society ransomware have targeted dozens of colleges, universities and grade schools across the world, ranging from Elmbrook School District in Wisconsin to Cincinnati State College, Linn-Mar School District in Iowa, and Grand Valley State University in Michigan. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.