Snowflake-linked Breach Strikes Los Angeles School District – InformationWeek

The latest in a long list of companies and organizations breached through Snowflake accounts, the Los Angeles school board said thousands of students’ data was stolen.
June 24, 2024
The Los Angeles Unified School District (LAUSD) has confirmed a breach that includes current and former student names, addresses, financials, grades, performance scoring, disability information, discipline details, and parent information.
A threat actor, Sp1d3r, has offered the database for sale on a dark web forum for $1,000. According to the California Department of Education, LAUSD currently has 529,902 students enrolled in grades K-12 at 778 schools. The breach happened in late May, the school system confirmed in a statement to Bleeping Computer.
“So far, the district’s ongoing investigation has revealed no evidence of any compromise to our systems or networks; however, the investigation into the scope and extent of the data impacted is ongoing,” a spokesperson said, adding that the district is cooperating with the FBI, CISA, and related vendors as the investigation continues.
The threat actor says it has 11GB of stolen sensitive data, which includes 26 million records with student information, more than 24,000 teacher records, and data from around 500 staff members.
The threat actor appears to be associated with the same group responsible for other Snowflake-related attacks on Ticketmaster, Santander Bank, Advance Auto Parts, Pure Storage, and others. Operating as “UNC5537,” cybercriminals were able to use malware and infostealer software on a large scale using unguarded Snowflake accounts.
An investigation from Mandiant and CrowdStrike says up to 165 Snowflake customer accounts may have been compromised and blamed the breaches on disabled multifactor authentication (MFA) protection. Snowflake did not have a mechanism for companies to enforce multifactor authentication for users. Snowflake has since said it will begin enforcing MFA on accounts.
“UNC5537’s campaign against Snowflake customer instances is not the result of any particularly novel or sophisticated tool, technique or procedure,” Mandiant said in its report. “This campaign’s broad impact is the consequence of the growing infostealer marketplace and missed opportunities to further secure credentials.”
School districts are increasingly being targeted for cyberattacks. According to a report from Emsisoft, there were 108 cybersecurity incidents in 2023, compared to 45 incidents a year earlier.
Cybersecurity experts say organizations must make data hygiene a top priority with MFA and other protections at top of mind. “The big lesson learned here is one of hygiene,” Jay Mar-Tang, field CISO with Pentera, said in an email. “Multifactor authentication is a foundation concept of the zero-trust framework and should always be enforced on accounts. If your cloud partner or service provider isn’t enforcing it, you should be proactive in enacting it yourself as it dramatically reduces your risk.”
Shane Snider
Senior Writer, InformationWeek