What PowerSchool will not say about its data breach affecting millions of students


We are only a few months into 2025, but the recent hack of edtech giant PowerSchool is on track to be one of the largest education data breaches in recent years.

PowerSchool, which provides K-12 software to more than 18,000 schools to support about 60 million students across North America, first disclosed the data breach in early January 2025.

The California-based company, which Bain Capital acquired for $5.6 billion, said an unknown hacker used a single compromised credential to breach its customer support portal in December 2024, allowing further access to the company’s school information system, PowerSchool SIS, which schools use to manage student records, grades, attendance and enrollment.

While PowerSchool has been open about some aspects of the breach, such as the lack of multi-factor authentication support at the time of the incident, several important questions remain unanswered.

TechCrunch sent PowerSchool a list of outstanding questions about the incident, which is likely to affect millions of students.

PowerSchool’s Beth Keebler declined to answer our questions, saying that all updates related to the breach would be posted on the company’s incident page. On January 29, the company said it had begun notifying individuals affected by the breach and state regulators.

Many of the company’s customers also have outstanding questions about the breach, forcing those affected to work together to investigate the hack.

In early March, PowerSchool published its post-mortem of the breach, prepared by CrowdStrike, two months after PowerSchool’s customers were told it would be released. While many details in the report were already known, CrowdStrike confirmed that the hacker had access to PowerSchool’s systems as early as August 2024.

Here are some of the questions that remain unanswered.

PowerSchool has not said how many students or staff are affected

TechCrunch has heard from PowerSchool customers that the scale of the data breach may be “huge”. But PowerSchool has repeatedly declined to say how many schools and individuals are affected, although TechCrunch was told that “it identified schools and provinces whose data were involved in this accident.”

BleepingComputer, citing multiple sources, reported in January that the hacker responsible for the PowerSchool breach accessed the personal data of more than 62 million students and 9.5 million teachers.

When asked by TechCrunch, PowerSchool declined to confirm whether this number is accurate.

However, PowerSchool’s filings with state attorneys general, and communications from schools that were breached, indicate that millions of people most likely had personal information stolen in the data breach.

In a filing with the Texas attorney general, PowerSchool confirmed that nearly 800,000 state residents had data stolen. A filing with the Maine attorney general said that at least 33,000 residents were affected, but this has since been updated to say that the number of affected individuals “must be determined.”

The Toronto District School Board, the largest school board in Canada, serving about 240,000 students every year, said the hacker may have accessed about 40 years of student data, with the data of approximately 1.5 million students taken in the breach.

California’s Menlo Park City School District also confirmed that the hacker accessed information on all current students and staff, who number about 2,700 students and 400 staff, as well as students and staff dating back to the start of the 2009-10 school year.

PowerSchool has not said what types of data were stolen

Not only do we not know how many people were affected, but we also do not know how much data, or what types of data, were accessed during the breach.

In a communication shared with customers in January, which TechCrunch saw, PowerSchool said that the hacker stole “sensitive personal information” on students and teachers, including student attendance and demographics. The company’s incident page also states that the stolen data included Social Security numbers and medical data, but it says that “due to the differences in customer requirements, the information differs for any specific individual through our customer base.”

TechCrunch has heard from many of those affected by the incident that “all” of their historical student and teacher data was compromised.

One person who works at an affected school district told TechCrunch that the stolen data includes highly sensitive student data, such as information about parental access rights to their children, restraining orders, and information about when students need to take their medications.

A source speaking with TechCrunch in February revealed that PowerSchool has provided affected schools with a “SIS Self Service” tool that can query and summarize PowerSchool customer data to show what data is stored in their systems. PowerSchool told the affected schools, however, that the tool “may not accurately reflect the data that has been unloaded at the time of the accident.”

It is not known whether PowerSchool has its own technical means, such as logs, to determine what types of data were stolen from specific school districts.

PowerSchool will not say how much it paid the hacker responsible for the breach

PowerSchool told TechCrunch that the organization has taken “appropriate steps” to prevent the stolen data from being published. In the communication shared with customers, the company confirmed that it worked with a cyber incident response company to negotiate with the threat actors responsible for the breach.

All of this confirms that PowerSchool paid a ransom to the attackers who breached its systems. However, when asked by TechCrunch, the company declined to say how much it paid, or how much the hacker demanded.

We do not know what evidence PowerSchool received that the stolen data has been deleted

PowerSchool’s Keebler told TechCrunch that the company “does not expect the data to be shared or published” and that “it believes that the data has been deleted without any repetition or another publishing.”

However, the company has repeatedly declined to say what evidence it received to indicate that the stolen data had been deleted. Early reports said the company received video evidence, but PowerSchool would not confirm or deny this when asked by TechCrunch.

Even so, proof of deletion is not a guarantee that the hacker is no longer in possession of the data; the recent takedown of the LockBit ransomware gang in the U.K. uncovered evidence that the gang still had data belonging to victims who had paid a ransom demand.

The hackers behind the data breach are not yet known

One of the biggest unknowns about the cyberattack is who was responsible. The company has been in contact with the hacker, but it has declined to reveal their identity, if it is known. CyberSteward, the Canadian incident response organization that PowerSchool worked with to negotiate, did not respond to TechCrunch’s questions.

CrowdStrike’s forensic report leaves questions unanswered

After PowerSchool released the CrowdStrike report in March, a person at a school affected by the breach told TechCrunch that the findings were “disappointing.”

The report confirmed that the breach was caused by a compromised credential, but the root cause of how the compromised credential was obtained and used is still unknown.

The report provides “some details,” but there is not enough information “to understand the error.”

It is not known exactly how far back the PowerSchool breach goes

One of the new details in the CrowdStrike report is that a hacker had access to PowerSchool’s network between August 16, 2024 and September 17, 2024.

The access was gained using the same compromised credential used in December’s breach, and the hacker accessed PowerSchool’s PowerSource, the same customer support portal compromised in December to reach PowerSchool’s school information system.

However, CrowdStrike said that there is not enough evidence to conclude that this is the same threat actor responsible for December’s breach, due to insufficient logs.

But the findings suggest that the hacker, or multiple hackers, may have had access to PowerSchool’s network for several months before the access was detected.

Do you have more information about the PowerSchool data breach? We would like to hear from you. From a non-work device, you can contact Carly Page securely on Signal at +44 1536 853968 or via email at carly.page@techcrunch.com.
