The seriousness of the attack was underscored by the breadth of the response: Agencies including the FBI and the Department of Homeland Security are involved in the investigation.
The district’s web page was partially restored by early Tuesday morning, but the Board of Education page, which lists meetings and provides agendas and public reports, was still down.
So far, the L.A. school district has not indicated that data theft of student or employee records is part of the current problems.
An 8 a.m. update advised that all students and employees are required to change their password. The update included a staggered schedule for this process, with administrators and teachers first, followed by support staff, high school students and finally elementary and middle school students.
“There may be delays due to high demand,” the advisory warned.
The first indication of ongoing disruptions was late Monday night.
“Business operations may be delayed or modified,” the district stated. However, “based on a preliminary analysis of critical business systems, employee health care and payroll are not impacted. Nor has the cyber incident impacted safety and emergency mechanisms in place at schools.”
One teacher reported at 7:30 a.m. that she was unable to log in. “Some teachers are under the impression they can change their LAUSD password, then log in, but the password site is down,” said one teacher.
Besides taking the district’s website offline, the attack eliminated access to email and affected systems that teachers use to post lessons and take attendance.
“Since the identification of the incident, which is likely criminal in nature, we continue to assess the situation with law enforcement agencies,” the district stated in a release Monday night. “While the investigation continues, Los Angeles Unified has swiftly implemented a response protocol to mitigate districtwide disruptions, including access to email, computer systems and applications.”
Officials said they have been working around the clock to solve the multi-layered problem.
“The White House brought together the Department of Education, the Federal Bureau of Investigation and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to provide rapid, incident response support to Los Angeles Unified, building on the immediate support by local law enforcement agencies,” the district announcement said.
Until late Monday night, no information from the district indicated what was causing the problems. By that time, teachers, parents and students were posting all over social media about technical issues.
When the district acknowledged the attack, officials also announced an array of measures to improve cybersecurity. These measures, the district said, “have been taken, will be taken immediately or will be implemented as soon as feasible.”
The list includes:
- Setting up an independent IT Task Force. It would be charged with developing recommendations within 90 days and providing monthly updates.
- Deploying technical staff across the vast school system to assist with issues that arise in the coming days.
- Reorganizing departments and systems “to build coherence and bolster data safeguards.”
- Appointing an expert technology advisory council and naming a technology adviser who will focus on security procedures and practices as well as an overall data center operations review.
- Adding budget dollars as needed and improving employee training.
- Analyzing systems with help from federal and state law enforcement.
L.A. Unified has had a few major internal computer fails — especially related to intended upgrades. In one instance, the payroll system malfunctioned, resulting in underpayments and overpayments that took years to resolve. In another episode, a new student information system made students’ academic records and class schedules unavailable.
©2022 Los Angeles Times. Distributed by Tribune Content Agency, LLC.
