PowerSchool breach worse than thought, company says "all" student and teacher data accessed

(Image credit: Unsplash)

Threat actors accessed PowerSchool student information system and stole data on students and teachers in December 2024
Multiple companies confirmed all data, covering as long as they had used PowerSchool, was taken
The data was allegedly deleted by the hackers

The recent cyberattack on education technology software firm PowerSchool appears to be a lot worse than initially thought, as multiple companies came forward to say that all of their data was stolen in the incident.

In late December 2024, an unidentified threat actor used stolen credentials to access its PowerSchool Student Information System (SIS) platform. From there, they were able to use the “export data manager" customer support tool to exfiltrate “Students” and “Teachers” database tables to a CSV file, which was then stolen.

The information grabbed in this attack included names, and postal addresses, and in some districts, the threat actors also obtained Social Security numbers (SSN), personally identifiable information (PII), medical information, and grades.

No ransomware

While PowerSchool didn’t want to say how many schools were affected by the attack, TechCrunch reached out to some, and got confirmation the incident was pretty destructive.

Two unnamed sources at affected school districts told the publication the hackers were able to access, "troves of personal data belonging to both current and former students and teachers."

One company said the miscreants stole all historical student and teacher data, while another added that demographic data for all teachers and students, both active and historical, were grabbed.

Besides these two organizations, who wanted to remain anonymous, others also publicly spoke about the incident, it was further explained. Menlo Park City School District also confirmed historical data theft, Rancho Santa Fe School District filed a data breach notice, and RootED Solutions (edtech consulting company from Boston) said the PowerSchool breach also affects school districts who no longer use the service, but did at some point.

PowerSchool said while this wasn’t a ransomware attack, it still paid the attackers to have the data wiped.

Via TechCrunch

Flaw in Google OAuth system exposing millions of users via abandoned accounts
Here's a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.