PowerSchool hit by cyberattack which saw student and teacher data stolen

A digital representation of a lock
(Image credit: Altalex)

  • PowerSchool said that in late December, threat actors accessed its student information system and stole data on students and teachers
  • We don't know exactly how many people were affected by the breach
  • The data was allegedly deleted

PowerSchool, a major education technology software platform for K-12 schools, has confirmed suffering a cyberattack resulting in the theft of sensitive student and teacher information. Furthermore, the company decided to pay a ransom demand to have the data deleted.

In late December 2024, an unidentified threat actor used stolen credentials to access its PowerSchool Student Information System (SIS) platform. From there, they were able to use the “export data manager" customer support tool to exfiltrate “Students” and “Teachers” database tables to a CSV file, which was then stolen.

The information grabbed in this attack includes names, and postal addresses, and in some districts, the threat actors also obtained Social Security numbers (SSN), personally identifiable information (PII), medical information, and grades.

A ransomware attack

PowerSchool notified the affected individuals via a breach notification letter, and stressed that not all PowerSchool SIS customers were impacted.

Only a subset of customers received the update, with a PowerSchool spokesperson adding items such as customer tickets, customer credentials, or forum data were not exposed or exfiltrated.

We don’t know exactly how many people were exposed in the incident, but apparently, the data was deleted.

PowerSchool said hile this wasn’t a ransomware attack, it still paid the attackers to have the data wiped.

"With their guidance, PowerSchool has received reasonable assurances from the threat actor that the data has been deleted and that no additional copies exist." The publication asked the company how much money it paid for this, but did not get a straight answer: "Given the sensitive nature of our investigation, we are unable to provide information on certain specifics."

In recent times, some ransomware operators stopped deploying the encryptor and started focusing solely on data exfiltration, since it’s cheaper, easier, and more convenient, with the same end result.

Via BleepingComputer

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
How to prevent cyberattacks
PowerSchool breach worse than thought, company says "all" student and teacher data accessed
security
PowerSchool hack keeps getting worse - 62 million students now thought to be affected
Red padlock open on electric circuits network dark red background
Publishing giant Scholastic hit by hackers, data on 8 million people stolen
Classroom
Schools are facing greater cybersecurity threats than ever before
Data leak
Popular online bill paying site leaks data of thousands of users
Doctor working on laptop
Another major US hospital hacked, data on 1.4 million patients leaked
Latest in Security
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Biometrics add another layer of security to passwordless authentication
Data leak
Hacked Tata Technologies data leaked by ransomware gang
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.
Thousands of iOS apps found to expose user data and leak Stripe keys
China
Chinese hackers targeting Juniper Networks routers, so patch now
Latest in News
NordicTrack Ultra 1
The new NordicTrack Ultra 1 treadmill looks like it was designed by an architect and costs $15,000
An Nvidia GeForce RTX 5070
Nvidia RTX 5080 stock is so barren that retailers are holding competitions where you can "win" the right to buy one for MSRP
Assassin's Creed Shadows
Ubisoft shareholder accuses publisher of 'misleading investors', plans protest outside Paris HQ
Google Gemini AI logo on a smartphone with Google background
I made an AI version of Bilbo Baggins using Goggle Gemini for free, and shared a pipe with him outside Bag End – here’s what you can now do with Gems
Nicole Kidman wears a blue blouse with her arms crossed.
Netflix might be renewing The Perfect Couple and Beauty in Black for season 2, but I don’t get why when it’s canceled shows with poorer ratings
The Russo brothers posing for a photograph and Herman carrying a Volkswagen camper van in The Electric State
'We're optimists': AI enthusiasts Joe and Anthony Russo defend its use in movies and TV shows, but admit there are 'very real dangers' around its application