The Los Angeles Unified School District has confirmed a data breach after threat actors stole student and employee data by breaching the company’s Snowflake account.
Snowflake is a cloud database platform used by some of the largest companies worldwide to store their data.
Earlier this month, a threat actor began to sell data from numerous companies, including Ticketmaster, Santander Bank, Advance Auto Parts, and Pure Storage, with the hacker stating it was stolen from Snowflake.
A joint investigation by Snowflake, Mandiant, and CrowdStrike revealed that a threat actor, tracked as UNC5537, used stolen customer credentials to target at least 165 organizations that had not configured multi-factor authentication protection on their accounts.
Once they accessed the accounts, they downloaded all the data and attempted to extort the company in exchange for not selling or leaking the data to other cybercriminals.
LAUSD data sold on a hacker forum
On June 18, the threat actor known as ‘Sp1d3r’, who is selling data from previous Snowflake attacks, also began selling the data of Los Angeles Unified for $150,000, claiming they stole it from Snowflake.
The threat actor states this data contains student names, addresses, family names, demographics, financials, grades, performance scoring, disability information, discipline details, and parent information.
After reviewing a sample of the data, LAUSD confirmed to BleepingComputer that the data was stolen from its Snowflake account.
“As previously stated, on June 6, 2024, Los Angeles Unified became aware of an account from a malicious actor purporting to offer certain student and employee data for sale,” a Los Angeles Unified spokesperson told BleepingComputer.
“Through its extensive and ongoing investigation, the District has determined that the data in question was maintained by one or more Los Angeles Unified external vendors on Snowflake, a cloud-based platform used for mass data storage, and appears to have been stolen in a manner consistent with recently publicized thefts involving numerous Snowflake accounts.”
“So far, the District’s ongoing investigation has revealed no evidence of any compromise to our systems or networks; however the investigation into the scope and extent of the data impacted is ongoing.”
Los Angeles Unified says it is working with the FBI, CISA, and its vendors to investigate the incident further.
More than one threat actor apparently gained access to Los Angeles Unified’s data, as a different threat actor named ‘Satanic’ began selling the district’s data almost two weeks earlier, on June 6, for $1,000.
However, this data appears to be different from the data stolen from Snowflake, with the threat actor claiming it contains 26 million records with current and former student information, more than 24,000 teacher records, and around 500 containing staff information.
This threat actor has now released it for free, allowing any cybercriminal to download and use it in their own attacks.
However, it is unclear where this data originated from, as it does not appear to have come from Snowflake.
BleepingComputer contacted LAUSD last night to confirm the origins of the data leaked by ‘Satanic’ but did not receive a response.
At this point, with the large amount of data from LAUSD now shared on hacking forums, all of its students, teachers, and staff members should consider their data exposed.
As it is not uncommon for other threat actors to use leaked data in their campaigns, it is essential to stay vigilant against unsolicited emails, texts, and phone calls attempting to steal additional data, such as passwords.