LOS ANGELES (CNS) — Federal, state and local authorities are continuing their investigation Wednesday into the weekend cyber attack on the Los Angeles Unified School District’s computer systems that led the district to order teachers, staff and students to change their district passwords.
Following the Labor Day holiday, classes resumed at LAUSD as scheduled Tuesday, with officials reporting a “fairly normal school day” despite what the district called a “significant disruption to our system’s infrastructure.”
What You Need To Know
- Officials detected unusual activity Saturday night from an external entity, prompting the district to deactivate all its systems
- The superintendent said he expects a protracted and collaborative investigation by federal, state and local authorities into the matter
- The district was attacked with a ransomware tool but had not received a ransom demand
- Following the Labor Day holiday, classes resumed at LAUSD as scheduled Tuesday
“We are in a far better position than we anticipated being just this morning,” Superintendent Alberto Carvalho said during a Tuesday news conference.
Carvalho said the district was attacked with a ransomware tool but had not received a ransom demand.
All “indispensable” systems were active Tuesday morning — and Carvalho said he expects a protracted and collaborative investigation by federal, state and local authorities into the matter.
As of Tuesday, the only system down was the district’s facility systems, which manages contracting procurements.
Officials detected unusual activity Saturday night from an external entity, prompting the district to deactivate all its systems in an “unprecedented” move.
Subsequently, the district contacted federal officials over the weekend, prompting the White House to mobilize a response from the U.S. Department of Education, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, according to the LAUSD.
“We did not know at that time what areas were targeted, what entity was targeting us,” Carvalho said. “We were unaware how deep, how complex this incident, this action, was. So, as a matter of protection, we basically shut down every one of our systems.”
The decision was “the right call at the right moment” because it restricted the damage of the cyber attack, according to Carvalho.
Carvalho said that by late Monday night, the district confirmed that all key systems would be active Tuesday morning, allowing the district to proceed with starting school as normal following Labor Day.
District officials described the incident as “likely criminal in nature,” and said they were assessing the situation with law enforcement agencies.
The attack temporarily interfered with the LAUSD website and email system. But officials said employee health care and payroll were not affected, nor did the cyber incident impact safety and emergency mechanisms in place at schools.
They added that some food or Beyond the Bell services and business operations may be delayed or modified.
On Tuesday, the district announced that all students and staff would need to change their lausd.net passwords, but it set specific times for when those changes should be made, and stressed the change “must be completed at a district site.”
To minimize wait times while the changes were being made, the district set a schedule of 7 a.m. for administrators and teachers, 9 a.m. for support staff, 10 a.m. for high school students and 11 a.m. for elementary/middle …….