A massive data breach achieved through Snowflake, allegedly impacting Los Angeles Unified School District (LAUSD) and Edgenuity, a provider of online learning solutions, has surfaced, with the threat actor “Sp1d3r” claiming to have compromised the data of over 4 million K-12 students.
The breach, disclosed on the cybercrime forum BreachForums, involves the sensitive information of students from both platforms and is currently being used for extortion.
As one of the largest school districts in the United States, LAUSD serves over 600,000 students across more than 1,000 schools. The district's substantial student population and extensive use of digital platforms for education make it a lucrative target for cybercriminals.
Edgenuity provides online curriculum and instructional services to schools and districts nationwide. Its role in facilitating digital learning for millions of students further underscores the potential scale and impact of the breach.
Earlier today, a post by Sp1d3r appeared on BreachForums, detailing the extent of the stolen data and threatening to leak the information if a ransom of 30 Bitcoin (approximately $2 million USD) is not paid within seven days. The stolen data includes:
- Personal information (names, addresses, family details, and demographics)
- Academic records (grades, GPA, performance scores)
- Medical and disability information
- Disciplinary records
- Login credentials for parent and student accounts
A sample of the data was shared via a link to Gofile.io to support the claim that the breach is genuine. However, the threat actor's allegations have not yet been verified.
The extortion note explicitly warns LASchools and Edgenuity to comply with the ransom demand within seven days to avoid the public release of the stolen data.
This campaign is part of a broader trend where threat actors leverage stolen credentials, often acquired through infostealer malware, to gain unauthorized access to valuable databases for financial gain.
Another Snowflake breach
The threat actor, Sp1d3r, who joined BreachForums in May 2024, is known for their limited but impactful activity on the forum. Their post highlights the use of compromised Snowflake database instances as the source of the breach. Snowflake, a leading data warehousing service, has been a target of various cyberattacks, primarily due to credential theft and lack of robust security measures such as multi-factor authentication (MFA).
The attack on LASchools and Edgenuity is part of a larger pattern of breaches targeting Snowflake customer instances. According to Mandiant, the financially motivated group UNC5537 has been exploiting stolen customer credentials to access and exfiltrate data from Snowflake databases. Despite Snowflake's robust enterprise security, these breaches occur due to inadequate customer-side security practices, such as the absence of MFA.
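Because the common thread in these incidents is password-only access to a customer's Snowflake instance, an administrator's first check is usually an audit of who can log in without a second factor and which recent logins actually used only a password. The queries below are an added example for that audit, not code from the article, from Mandiant or from Snowflake. They assume a role with read access to the SNOWFLAKE.ACCOUNT_USAGE schema (ACCOUNTADMIN, or a role granted that access) and use the view and column names as documented there; the casts and the seven-day window are assumptions to adjust for your own account.

```sql
-- Added example (not from the article). Assumes a role that can read
-- SNOWFLAKE.ACCOUNT_USAGE; verify view and column names against your account.

-- 1. Active, non-deleted users that can authenticate with a password but have
--    no Duo MFA enrolled. These are the accounts a stolen credential unlocks.
SELECT name,
       login_name,
       email,
       last_success_login
FROM snowflake.account_usage.users
WHERE deleted_on IS NULL
  AND COALESCE(disabled::boolean, FALSE) = FALSE
  AND has_password = TRUE
  AND COALESCE(ext_authn_duo::boolean, FALSE) = FALSE
ORDER BY last_success_login DESC NULLS LAST;

-- 2. Successful logins in the last 7 days that used a password and no second
--    factor, grouped by user and source IP. A credential replayed by a third
--    party tends to show up as a new IP or client type for a known user.
SELECT user_name,
       client_ip,
       reported_client_type,
       COUNT(*)             AS logins,
       MIN(event_timestamp) AS first_seen,
       MAX(event_timestamp) AS last_seen
FROM snowflake.account_usage.login_history
WHERE event_timestamp >= DATEADD(day, -7, CURRENT_TIMESTAMP())
  AND is_success = 'YES'
  AND first_authentication_factor = 'PASSWORD'
  AND second_authentication_factor IS NULL
GROUP BY user_name, client_ip, reported_client_type
ORDER BY logins DESC;
```

The first query gives the list of accounts to enrol in MFA (or to convert to key-pair or SSO authentication, for service accounts); the second is the one to re-run after enrolment, since a result set that stops shrinking indicates users who have not actually enrolled. ACCOUNT_USAGE views lag live activity by up to a few hours, so for an active incident also check the real-time SHOW USERS and information-schema equivalents.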
Update June 19, 2024: Earlier today, the threat actor updated the post to correct the URL of the victim and reiterate it was Los Angeles Unified School District at LAUSD.org.