Classes resumed as scheduled Tuesday after the Los Angeles Unified School District was the target of a ransomware attack on its information technology systems over the holiday weekend.
The district contacted federal officials over the weekend, prompting the White House to mobilize a response from the U.S. Department of Education, the FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, according to the LAUSD.
Officials in the country's second-largest school district described the incident as "likely criminal in nature." The attack will require all students and employees to change LAUSD passwords.
Get top local stories in Southern California delivered to you every morning. Sign up for NBC LA's News Headlines newsletter.
"Los Angeles Unified detected unusual activity in its Information Technology systems over the weekend, which after initial review, can be confirmed as an external cyber attack on our Information Technology assets," the district said in a statement. "Since the identification of the incident, which is likely criminal in nature, we continue to assess the situation with law enforcement agencies. While the investigation continues, Los Angeles Unified has swiftly implemented a response protocol to mitigate Districtwide disruptions, including access to email, computer systems and applications. This communication is being published after extensive, required vetting and approval by a number of entities and agencies."
Schools opened as scheduled Tuesday despite what the LAUSD described as a "significant disruption" to its system infrastructure. The district confirmed late Monday that all affected systems would be active Tuesday morning.
"We are experiencing a fairly normal school day," LAUSD Superintendent Alberto Carvalho said Tuesday.
He said the biggest challenge has been resetting all staff and student passwords.
"The password resetting is ongoing as we speak," Carvalho said Tuesday around midday.
Carvalho did not have details about how many passwords had been reset by midday, but said less than 10 percent had been completed early Tuesday morning.
"I am pretty confident by the end of the day today that the passwords will be reset," Carvalho said.
There are 600,000 K-12 students served at more than 1,000 schools in the sprawling 710-square-mile school district. The district also has more than 200 public charter schools.
Authorities said information about who carried out the attack could not be disclosed Tuesday.
"It does appear at this point that this incident originated beyond our borders," Carvalho said.
Carvalho said the district was attacked with a ransomware tool but did not receive a ransom demand. Officials detected unusual activity Saturday night from an external entity, prompting the district to deactivate all its systems in what officials said was an unprecedented move.
"We did not know at that time what areas were targeted, what entity was targeting us,'' Carvalho said. "We were unaware how deep, how complex this incident, this action, was. So, as a matter of protection, we basically shut down every one of our systems.''
The attack temporarily interfered with the LAUSD website and email system. But officials said employee health care and payroll were not impacted, nor did the cyber incident impact safety and emergency mechanisms in place at schools.
They added that some food or Beyond the Bell services and business operations may be delayed or modified.
Officials said they immediately established a plan of action to provide protection in the future, which includes elements listed here.
A ransomware extortion attack in Albuquerque’s biggest school district forced schools to close for two days in January. That district's superintendent said the shift to remote learning during the pandemic offered more ways for hackers to access the district’s system.
Ransomware cost American victims an estimated $1.4 billion in 2020, the first year of the pandemic. The attacks usually involve hackers breaking into private computer systems in an effort to encrypt or sometimes steal files to hold for ransom.