PowerSchool, a leading education software provider serving over 60 million students worldwide, has confirmed a significant cybersecurity incident affecting its PowerSchool SIS platform. The breach, discovered on December 28, 2024, resulted in unauthorized access to sensitive student and teacher information.
Key Details of the Breach:
– The attack targeted PowerSource, the company’s customer support platform
– Attackers used compromised credentials to access an “export data manager” tool
– Data stolen includes student and teacher database information
– Affected information may contain names, addresses, Social Security numbers, medical information, and academic records
Impact and Response:
– Not all PowerSchool SIS customers were affected
– The company engaged CrowdStrike for investigation
– PowerSchool implemented enhanced security measures, including password rotation
– Credit monitoring services are being offered to affected individuals
– The company paid a ransom to prevent data release
Technical Investigation:
– Initial data theft occurred on December 22, 2024
– Unauthorized access originated from IP address 91.218.50.11
– Affected schools can verify impact by checking maintenance user “200A0” in system logs
– CrowdStrike’s final investigation report expected by January 17, 2025
PowerSchool maintains that their operations remain unaffected and is working with impacted school districts to provide communication support and resources for affected individuals. The company continues to monitor for potential data leaks while implementing stronger security protocols.