- Threat actors accessed the PowerSchool student information system and stole student and faculty data in December 2024.
- Several companies confirmed that all data was taken, covering the entire time they used PowerSchool.
- The data was allegedly deleted by the hackers.
The recent cyberattack on educational technology software company PowerSchool appears to be much worse than initially thought, as several companies said all of their data was stolen in the incident.
In late December 2024, an unidentified threat actor used stolen credentials to access the company's PowerSchool Student Information System (SIS) platform. From there, they were able to use the “export data manager” customer support tool to extract the “Students” and “Teachers” database tables to a CSV file, which was then stolen.
The information obtained in this attack included names and mailing addresses, and in some districts, the threat actors also obtained Social Security numbers (SSN), personally identifiable information (PII), medical information, and qualifications.
No ransomware
While PowerSchool would not say how many schools were affected by the attack, TechCrunch contacted a few and got confirmation that the incident was quite destructive.
Two anonymous sources at the affected school districts told the publication that hackers were able to access “treasures of personal data belonging to current and former students and teachers.”
One company said that bad actors stole all historical data of students and teachers, while another added that demographic data of all teachers and students, both active and historical, was stolen.
In addition to these two organizations, which wanted to remain anonymous, others spoke publicly about the incident, it was later explained. The Menlo Park City School District also confirmed the theft of historical data, the Rancho Santa Fe School District filed a data breach notice, and RootED Solutions (a Boston educational technology consulting company) said the PowerSchool breach also affects school districts that no longer use the service but did at some point.
PowerSchool said that while it was not a ransomware attack, it still paid the attackers to delete the data.
Via TechCrunch