Los Angeles Unified School District (LAUSD), the second-largest school district in the United States, says the Vice Society ransomware gang has stolen files containing contractors’ personal information, including Social Security Numbers (SSNs).
LAUSD also revealed that the threat actors were active in its network for over two months, between July 31, 2022, and September 3, 2022.
“Through our ongoing investigation, we determined that between July 31, 2022, and September 3, 2022, an unauthorized actor accessed and acquired certain files maintained on our servers,” the school district said in data breach notification letters sent to affected individuals.
While reviewing the data stolen during the two-month-long security breach, LAUSD discovered payroll records and other labor-related documents that included SSNs and impacted peoples’ names and home addresses.
“On January 9, 2023, we identified labor compliance documents, including certified payroll records, that contractors provided to L.A. Unified in connection with Facilities Services Division projects,” LAUSD said.
“Those files contained the names, addresses and Social Security numbers of contractor and subcontractor employees and other affiliated individuals” that provided LAUSD “with certified payroll records in connection with Facilities Services Division projects.”
