- New PowerSchool data, reportedly found in the ransom demand, now puts the number of affected students at 62 million
- More than nine million teachers also affected
- The victims are located in the United States, Canada and elsewhere.
The attack on PowerSchool appears to have been much worse than originally believed, as new reports now claim that more than 62 million students and nine million teachers were affected by the attack.
In late December 2024, an unidentified threat actor used stolen credentials to access the company's PowerSchool Student Information System (SIS) platform. From there, they were able to use the “export data manager” customer support tool to extract the “Students” and “Teachers” database tables to a CSV file, which was then stolen.
The information obtained in this attack included names and mailing addresses, and in some districts, the threat actors also obtained Social Security numbers (SSN), personally identifiable information (PII), medical information, and qualifications.
Investigation in progress
It has since been reported that the attackers stole the personal data of 62,488,628 students and 9,506,624 teachers, with the report citing both the attacker and many other sources. In total, it was said, 6,505 school districts in the United States, Canada and other countries were affected. The figures supposedly come from the extortion demand sent to the breached company.
The Toronto District School Board, Peel District School Board and Dallas Independent School District appear to be the most affected.
PowerSchool was said to have declined to comment on the new findings, especially as its investigation is still ongoing. However, the company told the publication that the type of data exposed varies by district. This is because school districts decide what information they will store in the SIS database, based on state or district policy requirements.
“For this reason, it is expected that less than a quarter of the affected students had their social security number exposed in the breach,” BleepingComputer said, citing the company.
“We care deeply about the students, teachers and families we serve and are fully committed to supporting them. PowerSchool will offer two years of free identity protection services and two years of free credit monitoring services for all students and educators whose information was involved,” the company told BleepingComputer in a written statement.
Via BleepingComputer