A cybercriminal claimed to have uploaded the information of over 130,744 staff and students from the alleged Long Beach Unified School District data breach.
According to a user, who goes by the name “mud” on the hacker forum, the LBUSD data breach occurred on February 21, 2023. Moreover, the hacker claims to have full names, school email addresses, and student ID numbers from the LBUSD data breach.
The Long Beach Unified School District data breach
“Mud” also posted that there were 147 duplicate entries from the 130,744 student and staff data, adding that the reason for the leak was due to Google directory not being secured and students not forced to use “stronger passwords”.
The post also had a link to a sample from the Long Beach Unified School District data breach.
Virginia Union University ransomware attack
Other schools were also in the cybersecurity news this week for data breaches including Virginia Union University (vuu.edu). LockBit ransomware group claimed the ransomware attack on the US-based Virginia Union University.
The deadline provided to Virginia Union University was 10 March 2023 following which the exfiltrated information will be leaked online. The leak site post was made on 21 February. Not much was shared about the school data breach.
Dallas School District data breach
The cyberattack on Dallas School District was claimed by the Royal ransomware group. However, as opposed to the Virginia Union University data breach by LockBit, the Dallas School District post claimed to have already posted all the school data on their leak site. This most likely suggests that the school denied paying a ransom or was not threatened with a ransom demand.
With cyberattacks leaving services inaccessible, schools are making effort to work on their system security.
On the other hand, the school, and campus security market is expected to grow at a CAGR of 11.3% from 2021 to 2029 amounting to $3.87 billion. The increased cost for schools to secure their systems with more pieces of advanced tech may also impact the fee.
Researchers are urging school authorities to provide the required training to the staff who monitor and access networks.
The United Kingdom government has also outlined a few important steps for schools that include locking devices if 10 unsuccessful login attempts are made in 5 minutes on any system to prevent brute force attacks or similar access attempts.
Removing unused accounts and software was also recommended so no one can access using those accounts not the vulnerabilities in unused software cause security compromises.