LAUSD Data Breach: Hackers Leak 25M Records, Including Student Locations

5 months ago 37
BOOK THIS SPACE FOR AD
ARTICLE AD

The Los Angeles Unified School District (LAUSD) has fallen victim to a significant data breach. A hacker identified as “Satanic” from the group “The Satanic Cloud” has leaked the personal, contact, and location details of millions of students, teachers, and other staff on Breach Forums.

 Hackers Leak 25M Records, Including Student LocationsThe hacker’s post on the infamous Breach Forums (Screenshot: Hackread.com)

Even worse, the data, which was dumped yesterday earlier this month, is now being circulated on various hacking and cybercrime platforms, including Russian-speaking sites and database leak-related Telegram channels.

For context, the Los Angeles Unified School District (LAUSD) is a public school district in Los Angeles, California. It is the largest public school system in California by student enrollment and the second largest in the United States.

Hackread.com conducted an in-depth analysis of the entire dataset, comprising 10GB worth of records, and concluded that the breach was legitimate.

The dataset includes the personal information of over 24.16 million students (24,156,469), and almost 55,000 teachers and staff have been impacted by this data breach. The exact number of leaked email addresses, after removing duplicate data, is 1,954,991 (approximately 1.95 million). Here is the detailed breakdown of the entire dataset:

Students Data

The most critical part of this data breach involves student data, which includes personal, contact, and address information such as the following:

Gender Ethnicity Zip Codes Current City Date of Birth ID Numbers School Names School Phone Numbers Phone numbers Email Addresses Home Addresses Home Location Coordinates Immigration Status Parent/Guardian ID Number District Student ID Numbers Full Names (First, middle, last) The city and country where the student was born Parents Details (Full name, phone numbers, home and email addresses)

and a lot more…

Teachers and Other Staff Data

Like students, the data breach has significantly impacted teachers and other staff at the school. Hackread.com identified the following records on teachers while analyzing the data:

Gender Ethnicity Full Names Date of Birth Seniority Data Staff ID Number Email Addresses Home Addresses School they work for Location Coordinates Education/Qualification School Names Campus Codes Employment Status Years of Experience Type of Employment (Regular, permanent or temporary) The position they hold in the school (Teacher, technical, or grounds worker, etc)

and a lot more…

 Hackers Leak 25M Records, Including Student LocationsScreenshot from the data analysed by Hackread.com

Hackread.com contacted the hacker who claimed responsibility for the attack and confirmed that this was a Snowflake-related breach. The hacker shared login credentials for the alleged Snowflake account used in the LAUSD data breach. They also warned that “a lot more is coming,” indicating further exploitation of the Snowflake vulnerability.

 Hackers Leak 25M Records, Including Student LocationsThe login link and credentials provided by the hacker which they claim were used in extracting LAUSD data (Note: Hackread.com did not log in or attempted to log in to this portal)

It is worth noting that the Snowflake software vulnerability was also the cause of the infamous Ticketmaster data breach. This vulnerability continues to be exploited by cybercriminals worldwide. Additionally, according to Bloomberg, LAUSD has acknowledged that the data breach occurred because a third-party vendor stored the stolen data on Snowflake.

Implications

Although the leaked records do not contain passwords or Social Security Numbers (SSNs), this is not a random data breach. It involves contact details and the physical locations of children, who are among the most vulnerable members of our society.

Parents, teachers, staff, and students are advised to be vigilant for any malicious activities that may occur under their names. This could include phishing scams, identity theft incidents, fake social media profiles, or attempts to sign up on malicious sites.

AT&T Confirms Data Breach Affecting 73 Million Users Dell Discloses Data Breach As Hacker Sells 49 Million User Data Insurance Giant ‘Globe Life’ Data Breach Impacting Policyholders AMD Data Breach: IntelBroker Claims Theft of Employee, Product Info Hackers Leak Data of 2.5M Private Plane Owners in LA Airport Breach Location Tracker Firm Tile Hit by Data Breach, Internal Tools Accessed
Read Entire Article