Students and faculty members of the second largest school district in the US are now at risk of being victims of a cyberattack.

Los Angeles Unified School District (LAUSD) Superintendent Alberto M. Carvalho recently confirmed that a "criminal organization" leaked the data it stole during its cyberattack in early September following the school district's refusal to pay the demanded ransom money.

The school district is now providing aid to concerned students, parents, and employees who may suspect that their data was exposed.

LAUSD Leaked Data Details

Carvalho mentioned in a Twitter announcement that the school district's experts had partnered with law enforcement to analyze the "full extent" of the releasing of the data stolen by a "criminal organization" during its cyberattack on the school district's IT systems in early September. 

The leaking of the stolen data is the result of the school district's decision not to pay the demanded ransom money in favor of spending it on its students than "capitulating" to the criminal organization.

"Los Angeles Unified remains form that dollar must be used to fund students and education," the school district said in a statement on Sept. 30.

You may remember that the LAUSD detected an "unusual activity" in its IT systems on Sept. 3, which targeted the school district's facilities systems consisting of information about private-sector contractor payments. 

According to a report from Bleeping Computer, the Vice Society Ransomware Gang was found to be the "criminal organization" responsible for the cyberattack in early September and the one that recently leaked the school district's data.

Read More: Clubs, Players Take to Twitter to React to the Indonesian Soccer Match Stampede That Killed At Least 174 People

As a result of the school district's refusal to pay the ransom money, the gang updated its LAUSD entry on its data leak site with a link to the data it stole. 

It also included a message for the federal cyber-security agency CISA, which published a national warning about the gang's penchant for targeting educational institutions. 

According to the gang's updated LAUSD page, it said that CISA wasted its time, and, in return, it "wasted CISA's reputation." 

Although the school district has yet to confirm what data was stolen and leaked, a quick look at the link the gang gave revealed that it may have made students' and employees' social security numbers, passport information, and other "secret and confidential" data. 

The gang may have also leaked students' confidential psychological assessments, contract and legal documents, business records, and many database entries, per a law enforcement source for NBC Los Angeles. 

LAUSD's Response To The Leak

LAUSD stated that it would notify the people whose data was leaked by the Vice Society Ransomware Gang and that it would provide free credit monitoring services to protect them. 

However, since sensitive personal information was leaked, it is advised that all students, parents, and employees must be on alert for any possible phishing campaigns that utilize the leaked information against them. 

Freezing their credit is also recommended to prevent identity theft or financial fraud.

Related Article: The Los Angeles Unified School District Falls Victim to Ransomware Attack