BOOK THIS SPACE FOR AD
ARTICLE ADThe Los Angeles Unified School District (LAUSD) has fallen victim to a significant data breach. A hacker identified as “Satanic” from the group “The Satanic Cloud” has leaked the personal, contact, and location details of millions of students, teachers, and other staff on Breach Forums.
Even worse, the data, which was dumped yesterday earlier this month, is now being circulated on various hacking and cybercrime platforms, including Russian-speaking sites and database leak-related Telegram channels.
For context, the Los Angeles Unified School District (LAUSD) is a public school district in Los Angeles, California. It is the largest public school system in California by student enrollment and the second largest in the United States.
Hackread.com conducted an in-depth analysis of the entire dataset, comprising 10GB worth of records, and concluded that the breach was legitimate.
The dataset includes the personal information of over 24.16 million students (24,156,469), and almost 55,000 teachers and staff have been impacted by this data breach. The exact number of leaked email addresses, after removing duplicate data, is 1,954,991 (approximately 1.95 million). Here is the detailed breakdown of the entire dataset:
Students Data
The most critical part of this data breach involves student data, which includes personal, contact, and address information such as the following:
Gender Ethnicity Zip Codes Current City Date of Birth ID Numbers School Names School Phone Numbers Phone numbers Email Addresses Home Addresses Home Location Coordinates Immigration Status Parent/Guardian ID Number District Student ID Numbers Full Names (First, middle, last) The city and country where the student was born Parents Details (Full name, phone numbers, home and email addresses)and a lot more…
Teachers and Other Staff Data
Like students, the data breach has significantly impacted teachers and other staff at the school. Hackread.com identified the following records on teachers while analyzing the data:
Gender Ethnicity Full Names Date of Birth Seniority Data Staff ID Number Email Addresses Home Addresses School they work for Location Coordinates Education/Qualification School Names Campus Codes Employment Status Years of Experience Type of Employment (Regular, permanent or temporary) The position they hold in the school (Teacher, technical, or grounds worker, etc)and a lot more…
Snowflake Related Breach
Hackread.com contacted the hacker who claimed responsibility for the attack and confirmed that this was a Snowflake-related breach. The hacker shared login credentials for the alleged Snowflake account used in the LAUSD data breach. They also warned that “a lot more is coming,” indicating further exploitation of the Snowflake vulnerability.
It is worth noting that the Snowflake software vulnerability was also the cause of the infamous Ticketmaster data breach. This vulnerability continues to be exploited by cybercriminals worldwide. Additionally, according to Bloomberg, LAUSD has acknowledged that the data breach occurred because a third-party vendor stored the stolen data on Snowflake.
Implications
Although the leaked records do not contain passwords or Social Security Numbers (SSNs), this is not a random data breach. It involves contact details and the physical locations of children, who are among the most vulnerable members of our society.
Parents, teachers, staff, and students are advised to be vigilant for any malicious activities that may occur under their names. This could include phishing scams, identity theft incidents, fake social media profiles, or attempts to sign up on malicious sites.