In Partnership with 74

How LAUSD families can protect student data after district cyberattack

Sara Balanta | September 27, 2022



Your donation will help us produce journalism like this. Please give today.

A yellow background with an image of a laptop computer; over the computer is an image of a text box and a padlock

iStock

A Labor Day weekend cyber attack affecting thousands of Los Angeles Unified School District students has families questioning what they can do to keep their information safe.

According to an LA Times report hackers used ransomware to freeze and disable some LAUSD systems.

“The student management system was touched,” said LAUSD superintendent Alberto Carvalho.

Authorities have said there’s no evidence confidential student information — such as social security numbers or health insurance — has been breached. Last week the district confirmed a ransom demand by the hackers, but Carvalho said there had been no response.

“School districts are often vulnerable targets to these kinds of attacks because they are large, have many employees, and many other users including students and parents who have access to at least some parts of the system,” said Clifford Nueman, an expert on computer security and professor at USC’s Viterbi School of Engineering in an email to LA School Report.

“What makes LAUSD an attractive target to criminals deploying ransomware is the number of individuals that are affected when LAUSD systems become unavailable,” Neuman added.

Dr. Joseph Greenfield, Associate Professor of Practice at USC and an expert on digital forensics, offered three tips on how LAUSD students and their parents can keep their private data protected:

1. LAUSD devices should be used exclusively for LAUSD services

In order to prevent personal information from even reaching school’s data networks, parents should ensure students are using their LAUSD devices strictly for school purposes. While students may often play online games or indulge in social media content… with their LAUSD devices, these interactions are threatening due to sensitive student content reaching the school’s information history.

2. Download a password manager

A password manager is an application tied to a subscription based service, most commonly seen through websites offering to generate customized passwords for their user. Popular examples include Apple Keychain and Dashlane.

Essentially these programs are targeted towards not repeating passwords across the wide array of sites student’s use on a daily basis. If each application has an individual separate lock, then a compromise of one account does not lead to a compromise of all accounts.

3. Use a multifactor authentication process

Multi Factor authentication is a process which can be implemented… in any and all accounts. With the installation of this software, every time there is a login attempt the user must present two or more forms of evidence to verify their identity. The credentials that students would need to provide may translate to them receiving a confirmation text or needing to approve login through authentication apps such as DUO. Each and every time students log in, they should be required to undergo this process of identity confirmation.

This article is part of a collaboration between The 74 and the USC Annenberg School for Communication and Journalism.

Sara Balanta is an undergraduate student at the USC Annenberg School for Communication and Journalism pursuing a Bachelor’s degree in Journalism. She is a 2022 Dragon Kim Foundation Fellow where she hosts a project called “Teacher’s Aide +”, which conducts free renovations in schools to help brighten campus environments. Aside from writing her passions include youth activism, media culture and music.

Read Next