The second-biggest school district in the US was hit with ransomware

School opened as planned on Tuesday, while LA Unified worked with local law enforcement and a number of federal agencies to respond to the attack.
Written by Stephanie Condon, Senior Writer
Image: Shutterstock

Los Angeles Unified, the second-largest school district in the US, was hit with a ransomware attack over the weekend, the school district announced Tuesday. Despite the "significant disruption" to the school district's IT infrastructure, school opened as usual on Tuesday. 

Based on a preliminary analysis of critical business systems, LA Unified said employee healthcare and payroll services were not impacted, nor did the cyber incident impact schools' safety and emergency mechanisms.

The school district said it has benefitted from "an immediate and comprehensive response" from the federal government, including assistance from the White House, the Department of Education, the FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). They're also working with local law enforcement agencies. 

SEE: These are the cybersecurity threats of tomorrow that you should be thinking about today

The robust response comes as the threat of ransomware attacks against schools and universities grows. As ZDNet's Danny Palmer recently reported, schools are typically prime targets because of their overall lack of strong cybersecurity defenses and the amount of personal data they hold. Schools can also struggle to recover after their networks have been hit. 

Meanwhile, an attack on a school district as large as LA Unified could have far-reaching ramifications. The LA Unified School District enrolls more than 640,000 students in kindergarten through 12th grade. It covers a vast 710 square miles, including Los Angeles as well as all or parts of 31 smaller cities – plus several unincorporated sections of Los Angeles County.

A serious ransomware attack could impact a wide range of services, like a school's digital attendance collection, phone services, scheduled food service deliveries or payroll applications. 

The LA district first detected unusual activity in its Information Technology systems over the weekend. They contacted law enforcement after determining it was "likely criminal in nature." 

The district managed to implement a response protocol that mitigated disruptions. Students and employees had to reset their passwords to access district resources. 

In the wake of the attack, LA Unified is putting together a plan for additional protection, informed by public and private cybersecurity professionals. The district said its plan includes developing and implementing mandatory cybersecurity responsibility training for employees, as well as making additional technology investments for a "full scale reorganization of departments and systems to build coherence and bolster District data safeguards."

Editorial standards