A recent cyberattack has struck PowerSchool, a major U.S. educational technology company, resulting in an alarming theft of comprehensive historical student and teacher data.
Active across the U.S. supporting over 50 million students, PowerSchool was compromised in December. Hackers infiltrated the firm’s customer support portal, gaining access to massive quantities of data pertaining to K-12 students and teachers. The threat actors behind the breach have yet to be disclosed.
The specifics of affected customers remain undisclosed by PowerSchool, but insiders have confirmed significant data theft. Both historical and current data have been compromised, according to individuals working in affected districts.
Speaking to the situation, one informant stated, “They got all historical student and teacher data”, with further concerns raised around evidence of access predating PowerSchool’s reporting. A second source added that the thieves accessed “demographic data for all teachers and students, both active and historical,” criticizing the lack of basic protective measures, such as multi-factor authentication security.
Some educational districts have publicly addressed the breach’s impacts. Menlo Park City School District confirmed that the data theft affected “all current students and staff,” as well as older records going back as far as the 2009-2010 school year.
Even former members of PowerSchool are also victims, as noted by Marc Racine, the CEO of education technology consulting firm RootED Solutions. This implies the breach’s scale could be even larger than initially understood.
Despite the ongoing investigation, PowerSchool has not yet revealed the exact scale of the breach. Breached data reportedly includes names, addresses, Social Security numbers, some medical records, grades, and other personal identifying information.
Original source: Read the full article on TechCrunch
