LAUSD Data Breach: Hackers Leak 25M Records, Including Student Locations

The Los Angeles Unified School District (LAUSD) has fallen victim to a significant data breach. A hacker identified as “Satanic” from the group “The Satanic Cloud” has leaked the personal, contact, and location details of millions of students, teachers, and other staff on Breach Forums.

Even worse, the data, which was dumped yesterday earlier this month, is now being circulated on various hacking and cybercrime platforms, including Russian-speaking sites and database leak-related Telegram channels.

For context, the Los Angeles Unified School District (LAUSD) is a public school district in Los Angeles, California. It is the largest public school system in California by student enrollment and the second largest in the United States.

Hackread.com conducted an in-depth analysis of the entire dataset, comprising 10GB worth of records, and concluded that the breach was legitimate.

The dataset includes the personal information of over 24.16 million students (24,156,469), and almost 55,000 teachers and staff have been impacted by this data breach. The exact number of leaked email addresses, after removing duplicate data, is 1,954,991 (approximately 1.95 million). Here is the detailed breakdown of the entire dataset:

Students Data

The most critical part of this data breach involves student data, which includes personal, contact, and address information such as the following:

Gender
Ethnicity
Zip Codes
Current City
Date of Birth
ID Numbers
School Names
School Phone Numbers
Phone numbers
Email Addresses
Home Addresses
Home Location Coordinates
Immigration Status
Parent/Guardian ID Number
District Student ID Numbers
Full Names (First, middle, last)
The city and country where the student was born
Parents Details (Full name, phone numbers, home and email addresses)

and a lot more…

Teachers and Other Staff Data

Like students, the data breach has significantly impacted teachers and other staff at the school. Hackread.com identified the following records on teachers while analyzing the data:

Gender
Ethnicity
Full Names
Date of Birth
Seniority Data
Staff ID Number
Email Addresses
Home Addresses
School they work for
Location Coordinates
Education/Qualification
School Names
Campus Codes
Employment Status
Years of Experience
Type of Employment (Regular, permanent or temporary)
The position they hold in the school (Teacher, technical, or grounds worker, etc)

and a lot more…

Hackread.com contacted the hacker who claimed responsibility for the attack and confirmed that this was a Snowflake-related breach. The hacker shared login credentials for the alleged Snowflake account used in the LAUSD data breach. They also warned that “a lot more is coming,” indicating further exploitation of the Snowflake vulnerability.

It is worth noting that the Snowflake software vulnerability was also the cause of the infamous Ticketmaster data breach. This vulnerability continues to be exploited by cybercriminals worldwide. Additionally, according to Bloomberg, LAUSD has acknowledged that the data breach occurred because a third-party vendor stored the stolen data on Snowflake.

Implications

Although the leaked records do not contain passwords or Social Security Numbers (SSNs), this is not a random data breach. It involves contact details and the physical locations of children, who are among the most vulnerable members of our society.

Parents, teachers, staff, and students are advised to be vigilant for any malicious activities that may occur under their names. This could include phishing scams, identity theft incidents, fake social media profiles, or attempts to sign up on malicious sites.

Source link

Students Data

Teachers and Other Staff Data

Snowflake Related Breach

Implications

RELATED TOPICS

Leave a Comment Cancel reply