Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label PowerSchool breach. Show all posts
Ransomware
Data Breach Personal Information PowerSchool breach Ransomware

Hackers Resurface with PowerSchool Data, Target Schools Again with New Threats

 


Hackers behind the 2024 cyberattack on PowerSchool have returned, this time going after individual schools. They're now threatening to leak private data unless schools pay them ransom.

PowerSchool is a major digital platform used in the education sector. It provides services to over 17,000 schools in more than 90 countries, helping around 50 million students. In December 2024, the platform suffered a major data breach where hackers managed to steal large amounts of sensitive information. Reports confirmed that the attackers accessed personal data of about 62 million students and 9 million staff members across more than 6,500 school districts in the US and Canada.

At that time, PowerSchool made the controversial decision to pay the attackers in hopes that the stolen data would be deleted. According to the company, it was not a decision taken lightly. They believed that paying the ransom was the best way to keep the private information from being made public. They were told by the hackers—and shown evidence — that the stolen data would be destroyed. However, it now appears that those promises were not kept.

Recently, schools have reported receiving direct messages from cybercriminals, warning them that the stolen data could be released if more ransom is not paid. These threats are based on the same data from the December breach, suggesting that the attackers never deleted it in the first place.

The stolen information includes highly personal details such as names, Social Security Numbers, home addresses, and even health-related information. This kind of data can be used to commit fraud or identity theft, which puts both students and staff at serious risk.

To reduce the chances of identity misuse, PowerSchool is offering two years of free credit and identity monitoring services to those affected. They also expressed regret for the situation and said they are working closely with law enforcement to handle the latest round of threats and prevent further damage.

This situation stresses upon the danger of trusting cybercriminals, even after a ransom is paid. It also shows how long the effects of a data breach can last, especially when sensitive personal information is involved.

Read more »
teacher data breach
Data Breach edtech security historical student records PowerSchool breach school cyberattack student data breach teacher data breach

PowerSchool Faces Massive Data Breach Impacting U.S. School Districts

 

Several U.S. school districts have revealed that a recent cyberattack on education technology provider PowerSchool exposed “all” historical student and teacher data stored in their systems, according to reports shared with TechCrunch.

PowerSchool, a leading school records software platform supporting over 60 million students nationwide, fell victim to an attack in December. Hackers reportedly accessed the company’s customer support portal using stolen credentials, exposing sensitive data from K-12 schools. The breach has yet to be linked to a specific hacker or group.

While PowerSchool has not disclosed how many districts were impacted, sources at affected schools confirmed the attackers gained access to vast amounts of data.

“In our case, they got all historical student and teacher data,” one school district representative told TechCrunch. The representative noted discrepancies in PowerSchool’s timeline, suggesting the attackers had access earlier than reported.

Another source from a district serving nearly 9,000 students said, “The attackers accessed demographic data for all teachers and students, both active and historical, as long as we’ve had PowerSchool.” This source criticized PowerSchool for lacking basic security measures like multi-factor authentication (MFA).

PowerSchool spokesperson Beth Keebler neither disputed these claims nor elaborated on the company’s security practices. She confirmed that MFA is used but provided no further details.

Widespread Impact Across School Districts
School districts such as Menlo Park City School District in California confirmed the breach affected data on all students and staff, including historical records dating back to 2009. Other districts have reported similar breaches involving personal information, Social Security numbers, and teacher credentials.

Educational technology consultant Mark Racine noted that the breach may extend beyond PowerSchool’s 18,000 current customers, potentially impacting former clients. In some cases, the number of affected individuals reportedly exceeds active enrollment figures by four to ten times.

PowerSchool stated it has “identified the schools and districts whose data was involved” and is working to determine which individuals were affected. While the company claims to have taken steps to prevent further dissemination of the stolen data, it declined to specify these measures.

“While our data review remains ongoing, we expect the majority of involved customers did not have Social Security numbers or medical information exfiltrated,” Keebler told TechCrunch.

The breach has raised serious concerns about data security in education, with calls for improved safeguards to protect sensitive information from future attacks.
Read more »
Subscribe to: Posts (Atom)