
Student, teacher info stolen in PowerSchool cyberattack


PowerSchool, one of the most prominent student information system vendors, has admitted to its IT environment being compromised in a cyberattack “using a compromised credential.” The breach resulted in the theft of students’ and teachers’ personal data, including Social Security Numbers and medical information.

The company explained in an email to its clients that an unauthorised actor was able to gain access to its systems on December 28 using compromised credentials, as reported by The Register. According to one school CTO, the firm took nearly two weeks to inform users.

The hacker got away with two tables within the student information system database, primarily including data like names and addresses of students and teachers. According to the company’s letter, these tables might include “Social Security Number, other personally identifiable information, and limited medical and grade information” for a “certain subset of the customers.”

The attack didn’t involve ransomware or the exploitation of any software bug. Instead, it was a simple network penetration attack. PowerSchool has called in an independent cybersecurity firm to conduct a complete system audit and investigate the issue to determine what happened and which customers were affected. It also deactivated the compromised credentials and restricted access to the affected portal. A complete password reset has been implemented, and password and access controls have been “further tightened” for all PowerSource customer support portal accounts.

Any adults affected by the breach will be provided free credit monitoring, while minors get subscriptions to an unnamed identity protection service. This is often the standard response from a company undergoing a data breach incident and helps protect exposed users in case the leaked data is used for malicious purposes.

PowerSchool’s cloud-based system is used by nearly 18,000 customers worldwide, including in the US and Canada, to handle attendance records, grading, and personal information of more than 60 million K-12 students and teachers.


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
