The Los Angeles Unified School District (LAUSD), the second-largest public school system in the U.S., has confirmed that data from at least one of its vendors using Snowflake’s data storage services was stolen. This incident follows a cyberattack on May 27 against the Boston-based cloud data provider Snowflake, in which hackers exploited single-factor authentication to access customer accounts. The attack targeted the school district’s vendors, leading to a compromise of sensitive data, although the specific vendors affected have not been disclosed.
Snowflake, along with cybersecurity firms CrowdStrike and Mandiant, issued a statement on June 11 revealing an increase in cyber threats against the company. They reported that the attacks were part of a broader campaign aimed at 165 Snowflake customer accounts, with the attackers using exposed user credentials from unrelated breaches. The joint statement highlighted that these identity-based attacks were designed to obtain customer data.
Earlier reports indicated that LAUSD was investigating threats from a hacker who claimed to be selling stolen data from the district. The hacker posted on a forum that they had 11 gigabytes of stolen data, including millions of student records and thousands of teacher and staff records. The data reportedly aligns with the recent incidents involving Snowflake, though investigations have yet to confirm a direct breach of LAUSD’s systems linked to the Snowflake attack.
The education sector has increasingly been targeted by cybercriminals, with documented attacks on K-12 schools in the U.S. rising from 45 in 2022 to 108 in 2023. Threat analysts suggest that for-profit cybercriminals are exploiting this sector due to its high return on investment. Recommendations to counteract these attacks include enhancing security measures and imposing restrictions on ransom payments to deter such activities.