LAUSD cyberattack: Carvalho says sensitive student information not made public

Los Angeles Unified School District superintendent Alberto Carvalho said Monday that there's "no evidence of widespread impact of confidential information" after hackers released info from a cyberattack against the district over the weekend., and that the attack appeared to be "even more limited than we originally anticipated.''

Directories presumably containing social security numbers, passport information, contractor invoices and tax documents have all been posted online Saturday after Carvalho announced Friday that the district would not respond to the hackers' demands for a ransom. FOX 11 found the directories on the dark web with the help of Checkpoint Cyber Security Solutions.

Carvalho responded to claims about the data in a press conference Monday, refuting claims from other media outlets that student psychiatric evaluations were included among the breach.

PREVIOUS COVERAGE: Hackers release LAUSD data after ransom denied

"We have seen no evidence that psychiatric evaluation information or health records. based on what we've seen so far, have been made available publicly."

According to Carvalho, the hackers were able to access two specific systems. First, the district's MiSiS (My Integrated Student Information System) System. The MiSiS system, according to Carvalho, "has all students' names, addresses, student ID numbers, to the extent they have social security numbers. It has their health information. It has their academic information, attendance information and much more."

In addition, the hackers were able to access and encrypt the district's facility systems, Carvalho said. 

District officials say the hackers got about 500 gigabytes of data, compared to the 1.6 petabytes of data that falls under the district's control. The data accessed from the MiSiS system, Carvalho said, is old data from an archived system, from a time period between 2013 and 2016. 

"The lion's share of the student information is information that more than likely applies to students who may no longer be students in our system," Carvalho said.

The district is still reviewing the data that was accessed, Carvalho said Monday. He added that anyone affected by the breach will be contacted by LAUSD, and that the district will provide credit monitoring to anyone who's been affected.