PowerSchool breach worse than thought, company says
- Threat actors gained access to PowerSchool’s student information system and stole student and teacher data in December 2024
- Several companies confirmed that all data relating to the period they had used PowerSchool had been collected
- The data was allegedly deleted by the hackers
The recent cyberattack on education technology software company PowerSchool appears to be much worse than initially thought, as multiple companies came forward to say that all their data was stolen in the incident.
In late December 2024, an unknown threat actor used stolen credentials to gain access to the PowerSchool Student Information System (SIS) platform. From there, they were able to use the ‘Export Data Manager’ customer support tool to exfiltrate the ‘Students’ and ‘Teachers’ database tables into a CSV file, which was then stolen.
The information captured in this attack included names and mailing addresses, and in some districts, the threat actors also obtained Social Security Numbers (SSN), Personally Identifiable Information (PII), medical information, and grades.
No ransomware
Although PowerSchool declined to say how many schools were affected by the attack, TechCrunch contacted some and received confirmation that the incident was quite destructive.
Two unnamed sources in the affected school districts told the publication that the hackers had access to “treasures of personal information of both current and former students and teachers.”
One company said the miscreants stole all historical data of students and teachers, while another company added that demographic data of all teachers and students, both active and historical, was captured.
In addition to these two organizations, which wished to remain anonymous, others spoke publicly about the incident. Menlo Park City School District also confirmed historic data theft, Rancho Santa Fe School District filed a data breach notification, and RootED Solutions (a Boston-based edtech consulting firm) said the PowerSchool breach also impacts school districts that no longer use the service but did so at one point.
PowerSchool said that while this was not a ransomware attack, the attackers were still paid to have the data deleted.
Via TechCrunch