Summary: PowerSchool, an education software provider, experienced a cybersecurity incident that led to the theft of personal information from students and teachers across various school districts. The breach involved unauthorized access to their customer support portal, resulting in the export of sensitive data.
Threat Actor: Unknown | unknown
Victim: PowerSchool | PowerSchool
Key Point :
- PowerSchool confirmed the breach occurred on December 28, 2024, through compromised credentials.
- The stolen data primarily includes contact details, and for some districts, it may also contain Social Security numbers and other sensitive information.
- PowerSchool engaged cybersecurity experts and paid a ransom to prevent data release, although they received assurances that the data was deleted.
- Impacted individuals are being offered credit monitoring and identity protection services.
- The investigation is ongoing, with a report from CrowdStrike expected by January 17, 2025.