Los Angeles Unified School District confirms vendor data stolen in Snowflake cyberattack
The Los Angeles Unified School District, the second-largest public school system in the U.S., this week confirmed that at least one of its vendors using data storage services from Snowflake had its data stolen. The announcement follows a May 27 cyberattack against the Boston cloud data services provider, in which hackers accessed customer accounts using single-factor authentication.
A spokesperson for the district told Bloomberg on Monday that it believes a malicious actor targeted the school with the intent to sell student and employee data. A district spokesperson told StateScoop that “one or more” district vendors had their data compromised, but did not name them.
On June 11, Snowflake and third-party cybersecurity firms CrowdStrike and Mandiant issued a joint statement announcing they’d detected “an increase in cyber threat activity” against the company and that they were investigating a targeted threat campaign against 165 Snowflake customer accounts.
“Snowflake recently observed and is investigating an increase in cyber threat activity targeting some of our customers’ accounts. We believe this is the result of ongoing industry-wide, identity-based attacks with the intent to obtain customer data,” the statement read. “Research indicates that these types of attacks are performed with our customers’ user credentials that were exposed through unrelated cyber threat activity.”
Earlier this month, Bleeping Computer reported that LAUSD was investigating threats from a bad actor who claimed to be selling stolen data from the school district. On a hacking forum, the threat actor posted for sale, for $1,000, 11 gigabytes of stolen data that allegedly includes more than 26 million student information records, 24,000 teacher records and around 500 staff information records.
The district spokesperson told Bloomberg that data stolen from the district appeared to be consistent with the recent string of incidents involving Snowflake accounts, which began in April. However, the ongoing investigation has not uncovered evidence that its systems were breached through the hacking campaign against the data storage company, the spokesperson added.
The education sector has been targeted with increasing frequency in recent years. According to a 2023 ransomware report from Emsisoft, there were 45 documented cyberattacks on K-12 schools in the United States in 2022, which more than doubled to 108 in 2023.
Brett Callow, a threat analyst at Emsisoft, told StateScoop that for-profit cybercriminals will repeat strategies that have a high return-on-investment, which in this case means attacking schools.
“The only way to change that behaviour is to make attacks on the education sector less profitable,” Callow said, “by, for example, bolstering security so that fewer schools become victims or imposing limitations on the payments of demands.”