- PowerSchool said that in late December, threat actors accessed its student information system and stole student and faculty data.
- We don't know exactly how many people were affected by the breach.
- The data was supposedly deleted.
PowerSchool, a leading educational technology software platform for K-12 schools, has confirmed that it suffered a cyberattack that resulted in the theft of confidential student and teacher information. Furthermore, the company decided to pay a ransom to have the data deleted.
In late December 2024, an unidentified threat actor used stolen credentials to access the PowerSchool Student Information System (SIS) platform. From there, they were able to use the “export data manager” customer support tool to extract the “Students” and “Teachers” database tables to a CSV file, which was then stolen.
The information obtained in this attack includes names and mailing addresses, and in some districts, the threat actors also obtained Social Security numbers (SSN), personally identifiable information (PII), medical information, and qualifications.
A ransomware attack
PowerSchool notified affected individuals via a breach notification letter and emphasized that not all PowerSchool SIS customers were affected.
Only a subset of customers received the update, and a PowerSchool spokesperson added that items such as customer tickets, customer credentials, or forum data were not exposed or leaked.
We don't know exactly how many people were exposed in the incident, but the data was apparently deleted.
PowerSchool said that while it was not a ransomware attack, it still paid the attackers to delete the data.
“With your guidance, PowerSchool has received reasonable assurances from the threat actor that the data has been deleted and that no additional copies exist.” The publication asked the company how much money it paid, but did not get a clear answer: “Given the sensitive nature of our investigation, we cannot provide information on certain details.”
Recently, some ransomware operators stopped deploying the encryptor and started focusing solely on data exfiltration as it is cheaper, easier and more convenient, with the same end result.
Via BleepingComputer