This week, online reports emerged of a major data breach involving millions of students in the United States. The hacker demands Bitcoin (BTC) payment to prevent the public from disclosing sensitive information. The security breach appears to be part of a larger attack against a cloud database.
Student data at risk of disclosure
On Tuesday, two US educational institutions received a warning that sensitive information had been hacked. A hacker known as Sp1d3r announced that the data of more than 4 million American students was at risk of being publicly disclosed.
The hacker claims to have stolen information from Los Alamos Public Schools and Edgenuity, an online learning platform. Apparently the information comes from Edgenuity’s Snowflake accounts and LASchools.net.
Sp1d3r’s ransom post warning the victims. Source: Dark Web Informer on X
It should be noted that despite the hacker’s message that the information came from schools in Los Angeles, the website cited comes from Los Alamos Public Schools, a school district in the Los Alamos area of New Mexico.
As reported According to Bloomberg, the cloud-based data analytics company suffered a series of “targeted” cyberattacks against Snowflake users without 2-factor authentication (2FA). According to the report, hackers are demanding payments ranging from $300,000 to $5 million for stolen sensitive data.
Sp1d3r warned the victims, asking for 30 Bitcoins, or about $2 million, or the students’ information would be made public. The data includes details on millions of minors, K-12 students, as well as their parents.
According to the list, students’ names, addresses, financial data, disciplines, grades, GPAs and performance scores were stolen. Additionally, the hacker has the victims’ medical information and parents’ online login credentials.
Victims have until June 25 to make the payment in Bitcoin. Likewise, the hacker recently issued a warning to users of the Santander group bank, demanding a payment of 30 Bitcoins for the data of more than 30 million customers in Spain, Chile and Uruguay.
$27 million in Bitcoin made by Hacker group leader
The attack on Snowflake’s database was attributed to hacking group “UNC5537” by Google’s Madiant security firm. According to the investigation, it is possible that the hacking group, based in Turkey and the United States, collaborated with another group called “Scattered Spider” for their attacks.
The group of cybercriminals apparently consists of young adults aged 19 to 22 in the US and UK, focusing on data theft and extortion. The hacking group recently made headlines after the arrest of an alleged member of the network in Spain.
During the weekend, Murcia Today reported that a 22-year-old British man was arrested in Palma de Mallorca. The man was arrested on suspicion of being the ringleader of Scattered Spider.
According to the report, Spanish authorities worked with the FBI to capture the man as he prepared to board a plane to Italy. The suspect entered Spain at the end of May through Barcelona airport.
Police said the arrested man had do approximately 400 Bitcoins, worth $27 million, by stealing sensitive information from companies and selling it.
Bitcoin is trading at $65,087 in the three-day chart. Source: BTCUSDT on TradingView
Featured image from Unsplash.com, chart from TradingView.com
