LBUSD hit by data leak affecting 130,000 students, but officials say threat is low • Long Beach Post News

A database containing the names, emails and student identification numbers of over 130,000 Long Beach Unified School District students was recently breached. The leak, which officials said they learned about Tuesday evening, appears to have been uploaded to the dark web for hackers to take advantage of.

Experts and the school district, however, say that the risk to those affected is relatively low, as the leak did not contain any sensitive information like addresses, birthdates, Social Security numbers or grades.

“LBUSD’s student information system remains secure, and no sensitive student data was accessed,” said LBUSD spokesperson Chris Eftychiou. “Our team worked closely with a consortium of federal and local law enforcement agencies to ensure that more sensitive information was not compromised.”

The school district sent an email to parents today to inform them of the leak and assure them that students are safe. Eftychiou said the district “will continue working to implement new features within our internal network to limit the capabilities of bad actors who look to gain notoriety through breaching sensitive data.”

Brett Callow, a threat analyst at Emsisoft, a cybersecurity firm in New Zealand, posted about the LBUSD leak on Twitter and included screenshots to a hacker forum the leak was posted on. In another screenshot from the forum that Callow sent to the Post, it appears that the person who posted the leak is trying to obtain the directory list for every school.

“The leak is largely of mischief rather than a serious cyberattack,” Callow said.

With the information that was leaked, hackers cannot do much more than send spam messages, malware or phishing schemes to students’ emails. Callow said he does not know what could be done with the student ID numbers.

Indicators of phishing attempts could include: suspicious sender addresses, suspicious links or attachments in emails, poor spelling and grammar, and threats to create a false sense of urgency. More information on how to avoid or stay protected against phishing schemes can be found on the Long Beach City College website.

“Schools should obviously be locking down their systems properly to ensure that things like this don’t happen,” Callow said.

Editor’s note: This story has been updated to correct who was impacted by the data breach.

Long Beach's largest newsroom is now nonprofit.