Security News > 2020 > September > Las Vegas Students’ Personal Data Leaked, Post-Ransomware Attack

Personal information for students in the Clark County School District, which includes Las Vegas, has reportedly turned up on an underground forum, following a ransomware attack that researchers say was carried out by the Maze gang.

In early September, the Associated Press reported that the district was crippled during its first week of school thanks to a ransomware attack, potentially exposing personal information of employees, including names and Social Security numbers.

"The attacks have disrupted learning at up to 596 individual schools. The number of cases in which data is exfiltrated has also increased: at least five of the 12 districts had data stolen and published online."

"The crunchy point will be whether a failure to pay a ransom, to preclude data from being published, may be construed as a failure to remediate the damage and thus make the school civilly liable for this specific leak and its consequences. The monetary damages will likely be of a nominal value as evidenced by recent litigation in the US involving similar data breaches. The best avenue will likely be a settlement, providing the students with a necessary support to negate reasonably foreseeable consequences of the data breach and exposure of their PII [personally identifiable information."

A recent ransomware attack against a North Carolina school district, Haywood County Schools, caused the school to close to students for days.

News URL

https://threatpost.com/las-vegas-students-data-leaked-ransomware/159645/