What PowerSchool will not say about its data breach affecting millions of students

It is only February, but the recent hack of US edtech giant PowerSchool has the potential to be one of the largest breaches of the year.

PowerSchool, which provides K-12 software to more than 18,000 schools to support about 60 million students across North America, confirmed the breach in early January. The California-based company, which was acquired by Bain Capital for $5.6 billion in 2024, said that attackers used credentials to breach its customer support portal, allowing further access, including to attendance and enrollment records.

“On December 28, 2024, we became aware of a potential cybersecurity incident involving unauthorized access to some PowerSchool SIS information through one of our community-focused customer portals, PowerSource,” PowerSchool's Beth Keebler told TechCrunch.

PowerSchool has been open about some aspects of the breach. Keebler told TechCrunch that the PowerSource portal, for example, did not support multi-factor authentication at the time of the incident, while PowerSchool did. But a number of important questions remain unanswered.

TechCrunch sent PowerSchool a list of outstanding questions about the incident, which has the potential to affect millions of students in the United States. Keebler declined to answer our questions, saying that all updates related to the breach will be published on the company's incident page. On January 29, the company said it had begun notifying individuals affected by the breach and state regulators.

PowerSchool told customers that by mid-January it would share an incident report from CrowdStrike, which the company hired to investigate the breach. But multiple sources who work at schools affected by the breach have told TechCrunch that they had not yet received it.

The company's customers also have many unanswered questions, forcing those affected by the breach to work together to investigate the hack.

Here are some of the questions that remain unanswered.

The number of affected schools or students is not known

TechCrunch has heard from PowerSchool customers that the scale of the breach may be “huge”. However, PowerSchool has repeatedly declined to say how many schools and individuals are affected, despite telling TechCrunch that it “identified the schools and districts whose data was involved in this incident.”

BleepingComputer, citing multiple sources, reports that the hacker responsible for the PowerSchool breach claims to have accessed the personal data of more than 62 million students and 9.5 million teachers. PowerSchool has repeatedly declined to confirm whether this number is accurate.

Although PowerSchool will not give a number, the company's recent filings with state attorneys general indicate that millions had personal information stolen in the breach. In a filing with the Texas attorney general, for example, PowerSchool confirms that nearly 800,000 state residents had data stolen.

Communications from breached school districts give a general idea of the size of the breach. TDSB, the largest school board in Canada, which serves about 240,000 students every year, said hackers may have accessed about 40 years of student data, with the data of approximately 1.5 million students taken in the breach. Likewise, the Menlo Park City School District in California confirmed that the hacker accessed information on all current students and staff, who number about 2,700 students and 400 staff, as well as on students and staff dating back to the start of the 2009-10 school year.

We still do not know what types of data were stolen

Not only do we not know the number of people affected, but we also do not know how much or what types of data were accessed during the breach.

In a communication shared with its customers earlier in January, which was seen by TechCrunch, the company confirmed that the hacker stole “sensitive personal information” on students and teachers, including students' grades, attendance and demographics. The company's incident page also states that the stolen data has included Social Security numbers and medical data, but it says that “due to the differences in customer requirements, the information differs for any specific individual through our customer base.”

TechCrunch also heard from multiple schools affected by the incident that “all” of their historical student and teacher data was compromised.

One person who works at an affected school told TechCrunch that the stolen data includes highly sensitive student data, including information about parental access rights to their children, including restrictions, and information about when students need to take their medications.

A source speaking with TechCrunch in February revealed that PowerSchool has provided affected schools with a “SIS Self Service” tool that can query and summarize PowerSchool customer data to show what data is stored in their systems. PowerSchool told the affected schools, however, that the tool “may not accurately reflect the data that has been exfiltrated at the time of the incident.”

It is not known whether PowerSchool has its own technical means, such as logs, to determine what types of data were stolen from specific school districts.

PowerSchool has not said how much it paid the hacker responsible for the breach

PowerSchool told TechCrunch that the organization has taken “appropriate steps” to prevent the stolen data from being published. In the communication shared with customers, the company confirmed that it worked with a cyber incident response company to negotiate with the threat actors responsible for the breach.

All of this confirms that PowerSchool paid a ransom to the attackers who breached its systems. However, when asked by TechCrunch, the company declined to say how much it paid or how much the hacker demanded.

We do not know what evidence PowerSchool received that the stolen data has been deleted

PowerSchool's Keebler told TechCrunch that the company “does not expect the data to be shared or published” and that it “believes that the data has been deleted without any replication or dissemination.”

However, the company has repeatedly declined to say what evidence it received to indicate that the stolen data had been deleted. Early reports said the company received video proof, but PowerSchool would not confirm or deny this when asked by TechCrunch.

Even so, proof of deletion is no guarantee that the hacker is not still in possession of the data; the recent takedown of the LockBit ransomware gang uncovered evidence that the gang still had data belonging to victims who had paid a ransom demand.

We do not yet know who was behind the attack

One of the biggest unknowns about the cyberattack is who was responsible. The company has been in contact with the hacker, but it has declined to reveal their identity, if it is known. CyberSteward, the Canadian incident response organization that PowerSchool worked with to negotiate, did not respond to TechCrunch's questions.

CrowdStrike's investigation results are still a mystery

PowerSchool is working with CrowdStrike to investigate the breach. PowerSchool customers were told that the security firm's findings would be released on January 17. However, the report has not yet been published, and affected school districts told TechCrunch that they have not seen the report yet. CrowdStrike declined to comment when asked by TechCrunch.

CrowdStrike issued an interim report in January, which was seen by TechCrunch, but it did not include new details about the breach.

Do you have more information about the PowerSchool data breach? We would like to hear from you. From a non-work device, you can securely contact Carly Page on Signal at +44 1536 853968 or via email at Carly.page@techcrunch.com.
