Data Blizzard Hits LA Schools: Students data stolen in Snowflake Hack

Published on : 27 Jun 2024

Data Blizzard Hits LA Schools: Students data stolen in Snowflake Hack

In a recent development that has raised concerns across the education sector, Los Angeles Unified School District (LAUSD) has confirmed a significant data breach involving student information. The breach, linked to a hack of the district’s Snowflake account, has exposed sensitive data pertaining to students and employees enrolled in the sprawling district. 

Snowflake is a cloud database platform used by companies worldwide to store their data. 

The hack was conducted by a threat actor known as ‘Sp1d3r’ who has been implicated in hacking and selling data from reputed companies such as TicketMaster, Satandar Bank, Advance Auto Parts, and Pure Storage. 

The incident came to light on June 6, when LAUSD officials became aware of an account from Sp1d3r purporting to offer certain student and employee data for sale. Upon investigation, it was revealed that personal information such as student names, addresses, dates of birth, and potentially other sensitive details had been compromised. 

A joint investigation by Mandiant, Snowflake, and CrowdStrike revealed that Sp1d3r tracked as UNC5537, used stolen customer credentials to target at least 165 organizations that had not enabled multi-factor authentication (MFA) on their accounts. Once they accessed the accounts, the attackers downloaded all the data and attempted to extort the companies, threatening to sell or leak the data if their demands were unmet. 

LAUSD officials have announced that it has informed the FBI, CISA, and its vendors to investigate the incident further. 

Data put on sale 

On June 18, Sp1d3r posted snippets of the data it stole on a hacking forum and began selling the data for $150,000. The data includes student names, addresses, family information, demographics, financial records, grades, performance scores, disability details, discipline records, and parent information. 

Another threat actor in play 

It has been reported that along with Sp1d3r, another threat actor actor named ‘Satanic’ also accessed the data and began selling it for $1,000, but later made it free for anyone who wishes to exploit it. However, it is not clear where the data originated from as it was not from Snowflake. LAUSD officials have also not commented on this. 

 In response to the data sale, LAUSD officials have begun working with its vendors, the FBI, and the Cybersecurity and Infrastructure Security Agency to investigate the incident further. 


The ramifications of this breach extend beyond immediate security concerns. Parents and guardians of students in LAUSD have been urged to remain vigilant about any unusual activity related to their children’s personal information as the threat actors can exploit them for nefarious purposes. 

As the situation unfolds, LAUSD and Snowflake Inc. are expected to provide updates on their efforts to address the breach and safeguard student data. Meanwhile, the incident serves as a stark reminder of the persistent cybersecurity challenges faced by educational institutions in an increasingly digital age. 

Narendra Sahoo
Narendra Sahoo

Narendra Sahoo (PCI QPA, PCI QSA, PCI SSF ASSESSOR, CISSP, CISA, CRISC, 27001 LA) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm, based in the US, Singapore & India. Mr. Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2 Compliance & Audit, PDPA, PDPB to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.