PowerSchool, a major provider of education software solutions, confirmed a cyberattack that compromised personal data of students and teachers. The breach targeted its PowerSchool SIS platform, widely used by K-12 schools across the U.S. and globally. Sensitive information, including Social Security numbers and medical records, may have been exposed.
The Scope of the Incident
PowerSchool provides critical software to over 18,000 customers, supporting more than 60 million students. The platform integrates services ranging from student records to staff management. The breach occurred via the PowerSource support portal, which attackers accessed using stolen credentials. This access allowed them to export database tables containing student and teacher data.
The stolen data included:
- Contact details like names and addresses.
- Potentially, more sensitive information such as Social Security numbers, grades, and medical information in certain districts.
A spokesperson clarified that not all PowerSchool SIS customers were impacted. However, the breach is significant due to the scale and the sensitive nature of the stolen information.
Steps Taken by PowerSchool
In response to the breach, PowerSchool collaborated with cybersecurity experts, including CrowdStrike, to investigate and address the situation. Key measures included:
- Rotating passwords for all PowerSource accounts.
- Implementing stricter password policies to prevent future unauthorized access.
- Engaging a third-party advisor, CyberSteward, to negotiate with the attackers.
Unusually, PowerSchool admitted to paying a ransom to secure assurances from the attackers that the data had been deleted. The company stated that it received video confirmation of the deletion but acknowledged there is no absolute guarantee.
Customer Guidance and Transparency
PowerSchool has pledged transparency and provided impacted school districts with resources to manage the fallout. These include:
- Communication packages for notifying teachers and families.
- Detailed instructions for checking whether their systems were affected.
IT personnel were also advised to review audit logs for evidence of unauthorized data exports, with a specific focus on entries associated with a maintenance user named “200A0”.
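A sketch of that audit-log review, added here as an example and not taken from PowerSchool's guidance: it filters export events attributed to the maintenance user and groups them by source address for triage. The CSV layout, column names, and sample rows are constructed assumptions, not the product's real log format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

MAINTENANCE_USER = "200A0"  # user name cited in the guidance above

# Constructed sample. The CSV layout and column names are assumptions made for
# this example; they are not PowerSchool's real audit-log format.
SAMPLE_LOG = """\
timestamp,user,action,object,rows,source_ip
2024-12-19T08:02:11Z,jsmith,login,-,0,198.51.100.7
2024-12-22T03:14:05Z,200A0,export,Students,48211,203.0.113.45
2024-12-22T03:19:40Z, 200a0 ,export,Teachers,3920,203.0.113.45
2024-12-22T09:30:00Z,registrar1,export,Attendance,120,198.51.100.7
2024-12-23T11:00:00Z,200A0,login,-,0,192.0.2.10
not,a,valid,row
"""

def scan(log_text, user=MAINTENANCE_USER):
    """Return (export events by `user`, number of unparseable rows)."""
    hits, skipped = [], 0
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            when = datetime.fromisoformat(row["timestamp"].replace("Z", "+00:00"))
            count = int(row["rows"])
        except (AttributeError, TypeError, ValueError):
            skipped += 1  # malformed line: count it for manual review
            continue
        # Assumption: names may differ in case or padding, so normalise first.
        if row["user"].strip().upper() != user.upper():
            continue
        if row["action"].strip().lower() != "export":
            continue
        hits.append({"when": when, "table": row["object"].strip(),
                     "rows": count, "ip": (row["source_ip"] or "").strip()})
    return hits, skipped

def summarize(hits):
    """Group export events by source IP: tables, row total, time window."""
    by_ip = defaultdict(lambda: {"tables": [], "rows": 0, "first": None, "last": None})
    for h in sorted(hits, key=lambda h: h["when"]):
        s = by_ip[h["ip"]]
        s["tables"].append(h["table"])
        s["rows"] += h["rows"]
        s["first"] = s["first"] or h["when"]
        s["last"] = h["when"]
    return dict(by_ip)
```

Calling `summarize(scan(SAMPLE_LOG)[0])` on the constructed sample reports one source address with two exported tables; rows that fail to parse are counted rather than dropped silently so they can be checked by hand.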
Industry and Expert Reactions
This incident underscores the growing vulnerability of educational institutions to cyberattacks. Education software platforms, due to their extensive data repositories, have become prime targets for cybercriminals.
Experts have pointed out that the use of a single support tool for troubleshooting customer data, while efficient, also creates a significant security risk if not adequately safeguarded. The involvement of CrowdStrike and other cybersecurity professionals highlights the complexity of modern cyberattacks.
Ongoing Investigations and Next Steps
The investigation remains active, with CrowdStrike expected to deliver a comprehensive report by January 17, 2025. In the meantime, PowerSchool is monitoring the dark web for signs of the stolen data being leaked.
For affected individuals, PowerSchool is offering:
- Credit monitoring for impacted adults.
- Identity protection services for minors.
The company emphasized that its operations are unaffected, and services continue uninterrupted despite the breach. However, questions remain about the long-term implications for affected school districts and the broader K-12 education community.