- Threat actors accessed PowerSchool student information system and stole data on students and teachers in December 2024
- Multiple companies confirmed all data, covering as long as they had used PowerSchool, was taken
- The data was allegedly deleted by the hackers
The recent cyberattack on education technology software firm PowerSchool appears to be a lot worse than initially thought, as multiple companies came forward to say that all of their data was stolen in the incident.
In late December 2024, an unidentified threat actor used stolen credentials to access its PowerSchool Student Information System (SIS) platform. From there, they were able to use the “export data manager” customer support tool to exfiltrate “Students” and “Teachers” database tables to a CSV file, which was then stolen.
The information grabbed in this attack included names, and postal addresses, and in some districts, the threat actors also obtained Social Security numbers (SSN), personally identifiable information (PII), medical information, and grades.
No ransomware
While PowerSchool didn’t want to say how many schools were affected by the attack, TechCrunch reached out to some, and got confirmation the incident was pretty destructive.
Two unnamed sources at affected school districts told the publication the hackers were able to access, “troves of personal data belonging to both current and former students and teachers.”
One company said the miscreants stole all historical student and teacher data, while another added that demographic data for all teachers and students, both active and historical, were grabbed.
Besides these two organizations, who wanted to remain anonymous, others also publicly spoke about the incident, it was further explained. Menlo Park City School District also confirmed historical data theft, Rancho Santa Fe School District filed a data breach notice, and RootED Solutions (edtech consulting company from Boston) said the PowerSchool breach also affects school districts who no longer use the service, but did at some point.
PowerSchool said while this wasn’t a ransomware attack, it still paid the attackers to have the data wiped.
Via TechCrunch