“PowerSchool has taken all appropriate steps to prevent the data involved from further unauthorized misuse and does not anticipate the data being shared or made public. PowerSchool believes the data has been deleted without any further replication or dissemination.”
Introduction to the Breach
PowerSchool, a leading provider of cloud-based education software, has discovered unauthorized data access. The service reaches over 50 million students. A threat actor accessed the internal customer support portal using stolen credentials. This breach affects many U.S. school districts and may have exposed sensitive student information. Such information includes Social Security numbers, addresses, and medical histories. Districts are working with PowerSchool to identify the accessed data.
Response to the Incident
There was no ransomware attack. However, the threat actor demanded a ransom to keep the stolen data private. PowerSchool stated, “We have taken steps to prevent misuse of the data and do not expect it to be shared or made public. We believe the data has been deleted without further sharing or replication.” Yet tracking stolen data on remote systems is challenging, a point that renowned security researcher and reporter Brian Krebs has also raised.
Security Weaknesses and Recommendations
The stolen credentials likely came from phishing or other social engineering tactics. The articles do not specify the exact method or mention multi-factor authentication (MFA). Implementing MFA adds a security layer beyond a simple username and password. It could prevent brute-force attacks and notify users of unauthorized logins. Educating users on cybersecurity is also crucial. Even if a system does not support MFA, integrating a third-party single sign-on (SSO) solution is possible. A strong password policy is essential for safeguarding accounts.
Impact of the Breach
The major concern with this breach is that it required only user deception to gain access. Once the actor logged into the portal, they could access all its data. Systems should enforce access controls to limit user access based on necessity.
If you or your student are affected:
- Check what personal information your school district stores in PowerSchool. If it includes sensitive data, ask your district what was compromised.
- If your student’s Social Security number was breached, freeze their credit with the three major credit bureaus. This action is vital for protecting your child’s future credit.
- Use a password manager to create and store complex passwords for both work and personal accounts. This prevents the use of known compromised passwords.
- Enable MFA wherever possible. This step adds an extra layer of security.
- Ensure that all users and employees receive cybersecurity training. This is increasingly important as SaaS products become widespread in schools, organizations, and families.
More information is available in this article:
https://techcrunch.com/2025/01/09/powerschool-says-hackers-stole-students-sensitive-data-including-social-security-numbers-in-data-breach/