Louisiana Special School District Hit by Akira Ransomware Attack, Exposing Sensitive Data
The Louisiana Special School District (SSD) disclosed a data breach involving the personal information of students, employees, and other stakeholders following a ransomware attack by the Akira Ransomware Group. The incident was detected on May 24, prompting the district to notify affected individuals last month.
Upon discovery, SSD contacted Louisiana State Police, who confirmed that threat actors had accessed the district’s network and could have exfiltrated data. While there is no evidence that files were copied, the attackers encrypted them, potentially exposing sensitive information. The breach impacted multiple departments, including human resources, the business office, the Louisiana School for the Deaf, the Louisiana School for the Visually Impaired, and the Special Schools Program.
Compromised data includes names, addresses, phone numbers, Social Security numbers, and limited medical information for students and staff. Notifications to affected individuals including students’ families, former employees, and beneficiaries began the week of July 8. The district expects to restore full services by August 1 and has since remediated vulnerabilities and upgraded security protocols.
Superintendent David Martin acknowledged the attack occurred despite third-party security measures, attributing it to a brute force intrusion. SSD has set up an email (SSDCyberrecovery@la.gov) for inquiries and plans to provide updates on its website. The incident underscores the ongoing threat of ransomware targeting educational institutions.
Source: https://www.govtech.com/education/k-12/louisiana-special-school-district-hit-by-cyber-attack
Louisiana Special School District cybersecurity rating report: https://www.rankiteo.com/company/ssdlouisiana
"id": "SSD1777660087",
"linkid": "ssdlouisiana",
"type": "Ransomware",
"date": "7/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Students, employees, families, '
'former employees, and '
'beneficiaries',
'industry': 'Education',
'location': 'Louisiana, USA',
'name': 'Louisiana Special School District',
'type': 'Educational Institution'}],
'attack_vector': 'Brute force intrusion',
'customer_advisories': 'Notifications sent to affected individuals the week '
'of July 8, 2024.',
'data_breach': {'data_encryption': 'Yes (files encrypted by ransomware)',
'data_exfiltration': 'Possible (no evidence of copying)',
'personally_identifiable_information': 'Yes (Social Security '
'numbers, names, '
'addresses, phone '
'numbers)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Phone numbers',
'Social Security numbers',
'Limited medical information']},
'date_detected': '2024-05-24',
'date_publicly_disclosed': '2024-07-08',
'date_resolved': '2024-08-01',
'description': 'The Louisiana Special School District (SSD) disclosed a data '
'breach involving the personal information of students, '
'employees, and other stakeholders following a ransomware '
'attack by the Akira Ransomware Group. The incident was '
'detected on May 24, prompting the district to notify affected '
'individuals last month. Upon discovery, SSD contacted '
'Louisiana State Police, who confirmed that threat actors had '
'accessed the district’s network and could have exfiltrated '
'data. While there is no evidence that files were copied, the '
'attackers encrypted them, potentially exposing sensitive '
'information. The breach impacted multiple departments, '
'including human resources, the business office, the Louisiana '
'School for the Deaf, the Louisiana School for the Visually '
'Impaired, and the Special Schools Program. Compromised data '
'includes names, addresses, phone numbers, Social Security '
'numbers, and limited medical information for students and '
'staff.',
'impact': {'data_compromised': 'Personal information of students, employees, '
'and stakeholders',
'identity_theft_risk': 'High (Social Security numbers exposed)',
'operational_impact': 'Services expected to be fully restored by '
'August 1',
'systems_affected': 'District’s network, human resources, business '
'office, Louisiana School for the Deaf, '
'Louisiana School for the Visually Impaired, '
'Special Schools Program'},
'initial_access_broker': {'entry_point': 'Brute force intrusion'},
'investigation_status': 'Ongoing (as of disclosure)',
'lessons_learned': 'Brute force intrusions can bypass third-party security '
'measures; importance of continuous security upgrades and '
'monitoring.',
'post_incident_analysis': {'corrective_actions': 'Vulnerabilities remediated, '
'security protocols upgraded',
'root_causes': 'Brute force intrusion despite '
'third-party security measures'},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Possible',
'ransomware_strain': 'Akira'},
'recommendations': 'Enhance security protocols, conduct regular vulnerability '
'assessments, and improve incident response planning.',
'references': [{'source': 'Cyber Incident Description'}],
'response': {'communication_strategy': 'Notifications sent to affected '
'individuals, email setup for '
'inquiries (SSDCyberrecovery@la.gov), '
'updates planned on district website',
'containment_measures': 'Network access restricted, '
'investigation initiated',
'law_enforcement_notified': 'Yes (Louisiana State Police)',
'recovery_measures': 'Full services expected to be restored by '
'August 1',
'remediation_measures': 'Vulnerabilities remediated, security '
'protocols upgraded',
'third_party_assistance': 'Yes (security measures in place prior '
'to attack)'},
'threat_actor': 'Akira Ransomware Group',
'title': 'Louisiana Special School District Hit by Akira Ransomware Attack, '
'Exposing Sensitive Data',
'type': 'Ransomware'}