The Glendale Unified School District in Los Angeles County recently became the victim of a ransomware attack that resulted in significant data breaches affecting both employees and students. This incident, which was first detected in December, compromised sensitive information including names, addresses, Social Security numbers, driver’s licenses, and financial account details. Following the attack, the district’s IT systems were locked, and attackers demanded an undisclosed ransom to release the data safely back to the district.
In the aftermath of the breach, the district discovered that the stolen data had been used to fraudulently file federal and state income taxes, which came to light when several district employees attempted to file their taxes. Over 231 union members have been impacted, many of whom were required to undergo identity verification with the IRS to confirm their identities and legitimately file their taxes. This process has proven to be not only time-consuming but also stressful for the affected employees.
The district’s response to the breach has faced criticism from within. An anonymous employee expressed dissatisfaction with the district’s slow and unclear communication regarding the details and implications of the breach. It was not until months after the initial attack that the district began to notify and provide more detailed information to current and former employees potentially affected by the breach. In contrast, similar incidents in other districts, such as the Los Angeles Unified, saw much quicker and transparent communication in collaboration with authorities like the FBI and the Department of Homeland Security.
In response to the ongoing situation, Glendale Unified has taken steps to address the breach by partnering with local law enforcement, cybersecurity experts, and the FBI to assess the risk and scope of the breach. The district has also offered one year of free credit monitoring and identity theft protection to those affected. Despite these measures, the full extent of the breach’s impact, including whether all compromised data was posted to the dark web, remains uncertain. The district continues to work on securing its systems and improving its response to ensure better protection and support for its community in the future.
