"Millions Impacted by PowerSchool Data Breach"
Share
School districts in the US and Canada claim that hackers stole all their historical data from a compromised PowerSchool service in a data breach that appears to impact millions of students and educators. PowerSchool provides education software and services to more than 16,000 K12 schools and school districts in the US, Canada, and other countries worldwide. PowerSchool informed its customers on January 7 that hackers stole their information from the PowerSchool Student Information System (SIS) service. According to the company, the attackers accessed the SIS service through the PowerSource customer support portal, stealing the names, contact information, dates of birth, medical information, Social Security numbers, and other information of both students and educators. PowerSchool told its customers that "a compromised credential" was used to access PowerSchool SIS. The credential was tied to a maintenance account, giving the threat actor broad and deep access to many PowerSchool customers' data. The company said that it engaged with Canadian firm CyberSteward to negotiate with the attackers and ensure that the stolen data is not shared publicly, which suggests that PowerSchool paid the ransom and received reasonable assurances that the data was deleted. At least 2.7 million records are confirmed to have been affected to date. The hackers reportedly stole data from more than 6,500 school districts, with the number of potentially impacted individuals likely exceeding 72 million: approximately 62.5 million students and over 9.5 million educators. It is currently unknown who the threat actor behind the data breach is or how they came by the compromised credential. Although the company told customers that the stolen data was deleted and would not be shared publicly, PowerSchool is providing the impacted individuals with two years of free identity theft and credit monitoring services, even if their Social Security numbers were not stolen in the attack.
SecurityWeek reports: "Millions Impacted by PowerSchool Data Breach"