L.A. Schools Investigates Data Breach as FCC Approves $200M Cybersecurity Pilot
In a striking coincidence marking the urgency of cybersecurity within educational institutions, the Los Angeles Unified School District (LAUSD) finds itself grappling with a possible data breach. This unsettling news broke as the Federal Communications Commission (FCC) endorsed a substantial $200 million pilot program aimed at augmenting cybersafety measures for K-12 schools and libraries across the nation.
A spokesperson for the LAUSD confirmed ongoing investigations into a suspicious listing on a dark web market. This listing, made by a user dubbed “The Satanic Cloud,” reportedly offered over 24 million sensitive records for $1,000. This development emerges almost two years post a ransomware attack on the district, which exposed considerable student data, highlighting the recurrent challenge of cyberattacks plaguing educational entities.
FCC Chairwoman Jessica Rosenworcel highlighted the previous LA ransomware incident and others, emphasizing their severe impact on educational operations and financial strains on districts. She stated, “This situation is complex, but the vulnerabilities in the networks that we use in our nation’s schools and libraries are real and growing.”
The FCC’s decision to launch the three-year pilot was split, with a 3-2 vote favoring the move. Critics argue the initiative might be too delayed, yet the FCC aims to assess the efficacy of federal funds in defending these crucial institutions. The program promises a minimum of $15,000 for approved cybersecurity services to participating schools and districts, aspiring to address their most pressing cybersafety needs effectively.
Regarding the ongoing LAUSD data breach probe, the district is in touch with law enforcement to ascertain the legitimacy of The Satanic Cloud’s claims. Investigations last year by The 74 unearthed the leakage of thousands of students’ psychological evaluations after a similar ransomware attack, contradicting initial denials from the district.
The dark web marketplace listing the alleged LAUSD data, BreachForums, was briefly taken down last month but remains a focal point for FBI investigations into cybercrime. A preliminary examination of the data files suggests they may include sensitive student and teacher information, potentially from the previous 2022 ransomware assault.
Kaustubh Medhe from Cyble pointed out that the newly surfaced data might not be new but rather recycled from past breaches, urging LAUSD to conduct a thorough investigation to mitigate targeted phishing risks or other threats stemming from this exposure.
This alarming situation underscores the commission’s pilot program’s necessity, as Claire Gomez of the FCC remarked on its essential role in fostering educational equity by securing digital networks against increasingly sophisticated threats. Yet, there’s broad acknowledgement that while this pilot is a positive step forward, its scale may not entirely meet the nationwide need for enhanced cybersecurity measures in schools.
Despite these challenges, the educational community shows cautious optimism for the FCC’s initiative. Library and educational associations herald the move as pivotal for protecting schools and libraries from cyber threats. Nonetheless, experts like Doug Levin express concern that without adequate cybersecurity know-how, the advanced tools provided by the FCC pilot might not fully benefit all school districts.
The developments reflect a critical juncture in the fight against cyber threats in education, highlighting the necessity for robust cybersecurity defenses and the collective effort needed from federal agencies, schools, and cybersecurity professionals to safeguard sensitive information. As investigations continue and the FCC pilot program unfolds, the broader educational sector watches closely, hopeful for a safer digital future for all students and educators.
