PowerSchool hack could affect millions of K-12 students

Education software giant PowerSchool suffered from a hack that might have put the sensitive data of K-12 students and teachers at risk. It’s unclear how many people were affected, but the PowerSchool Student Information System (SIS) platform contains the data of over 60 million students and 18,000 customers.

Some of the leaked data could be limited to names and addresses but some school districts may have been hit harder, with data like Social Security numbers (SSNs), personally identifiable information (PII), grades, and medical information being stolen, as reported by Bleeping Computer.

Recommended Videos

PowerSchool comments that it only became aware of the situation last month. It sent out a message to affected customers, saying, “As a main point of contact for your school district, we are reaching out to make you aware that on December 28, 2024, PowerSchool became aware of a potential cybersecurity incident involving unauthorized access to certain information through one of our community-focused customer support portals, PowerSource.”

The threat actor gained access using compromised credentials and then stole the data using an “export data manager.” The hackers used a maintenance access tool used by PowerSchool engineers for customer support and troubleshooting.

Related

  • This PowerPoint ploy could help hackers empty your bank account

  • The world’s most sensitive data could be vulnerable to this new hack

  • Apple paid a student $100,000 for successfully hacking a Mac

Once in, the hacker put all the data in a CSV file to steal it. However, not all data was taken since PowerSchool also told Bleeping Computer that data such as customer tickets, customer credentials, and forum data were not exposed. Also, the company says that not all PowerSchool SIS customer data is compromised, and only a subset will be notified that their data was leaked — but it’s unclear how many could potentially be affected in this cybersecurity incident.

The company is taking the situation seriously, changing all passwords and applying stronger guidelines. It also contacted cybersecurity experts, including CrowdStrike, to handle the situation. PowerSchool also worked with CyberSteward, a professional advisor with vast experience dealing with threat actors.

Although this reportedly was not a ransomware attack, PowerSchool ended up paying a ransom to prevent the data from being leaked. The threat actors gave PowerSchool logical assurances that the stolen data was erased. PowerSchool saw the data being erased on video, but there’s always a chance that it wasn’t fully erased — let’s hope that it was.

Despite the incident, PowerSchool is up and running and offers credit monitoring services to affected adults. If you want to make sure whether your school district was affected, check out the guide in this Bleeping Computer coverage.

Editors’ Recommendations

  • 100 million affected in worst U.S. health care data breach of all time

  • This dangerous hacking tool is now on the loose, and the consequences could be huge

  • Destructive hacking group REvil could be back from the dead

  • Apple’s iMac Pro could get an all-powerful 12-core chip

  • iPod hack puts 50 million Spotify songs in your pocket




Related posts

Latest posts

There’s a clear winner in our Galaxy S25 Ultra vs iPhone 16 Pro Max camera test

Can the new Samsung Galaxy S25 Ultra beat the Apple iPhone 16 Pro Max in a camera comparison? We found out, and it was clear which phone won.

Nvidia GPUs just got a huge upgrade, and no one is talking about it

The new update for Alan Wake II is here and it adds new Nvidia tech to improve ray tracing performance across all RTX GPUs.

ChatGPT’s latest model is finally here — and it’s free for everyone

OpenAI released its o3-mini reasoning model to all users (including free tier) on Friday.

Here’s why I recommend the RTX 4080 Super over the RTX 5080

The RTX 5080 and 4080 Super are the second-best cards of their generations, but how do they compare, and is the newer card worth upgrading to?

Samsung Galaxy S25 Plus vs. Galaxy S24 Plus: what’s new?

The Samsung Galaxy S25 Plus is eerily similar to last year's Galaxy S24 Plus. But there are differences that you must be aware about before buying the new phone.

Don’t miss this $300 discount for the new Dell XPS 13 laptop with Copilot

The Dell XPS 13 9350, a Copilot+ laptop with the Intel Core Ultra 7 256V Series 2 processor and 16GB of RAM, is on sale from Dell at $300 off -- down to $1,160.

Microsoft is letting anyone use ChatGPT’s $200 reasoning model for free

Microsoft is adding OpenAI’s o1 model to its Copilot AI experience as a feature called Think Deeper. It is available for free to all users with a Microsoft account.

Samsung’s Galaxy S25 Edge shows what the Galaxy S25 series should have been

Samsung is staying stagnant with the Galaxy S25 series, but the upcoming Galaxy S25 Edge provides a glimpse into the future.

Every Samsung Galaxy S25 owner should buy this wireless charging case

Samsung’s new Galaxy S25 series brings a few improvements, especially for the flagship . While the new ultrawide camera, improved build, and thinner body may be the ones that stand out the most, one particular feature could offer the best quality of life improvements. The Galaxy S25 Ultra comes equipped with the same 45W charging […]

Samsung has a sluggish Q4 2024 but sees its next foldables as a key game-changer

Samsung posted its Q4 2024 earnings report, which contained a teaser for new foldables.