- Malicious actors accessed the PowerSchool student information system and stole student and teacher data in December 2024.
- Several companies confirmed that all data, covering the period they used PowerSchool, had been taken.
- The hackers reportedly deleted the data.
The recent cyberattack on education technology software company PowerSchool appears to be much worse than initially thought, as several companies said all of their data was stolen in the incident.
In late December 2024, an unidentified threat actor used stolen credentials to access the company's PowerSchool Student Information System (SIS) platform. From there, they used the customer support tool “export data manager” to export the tables from the “Students” and “Teachers” databases to a CSV file, which was then stolen.
Information seized in this attack included names and street addresses, and in some districts, the threat actors also obtained Social Security numbers (SSN), personally identifiable information (PII), medical information, and notes.
No ransomware
Although PowerSchool would not say how many schools were affected by the attack, TechCrunch reached out to some and got confirmation that the incident was quite destructive.
Two anonymous sources from the affected school districts told the publication that the hackers were able to access “tons of personal data belonging to current and former students and teachers.”
One company said the criminals stole all historical student and teacher data, while another added that the demographics of all teachers and students, both active and historical, were taken.
In addition to these two organizations, which wished to remain anonymous, others spoke publicly about the incident. The Menlo Park City School District also confirmed the theft of historical data, the Rancho Santa Fe School District filed a data breach notice, and RootED Solutions (a Boston-based educational technology consulting firm) said the breach of PowerSchool also affected school districts that no longer use the service, but did at some point.
PowerSchool said that although it was not a ransomware attack, the attackers were still paid to erase the data.
Via TechCrunch