Summary: A recent CrowdStrike report reveals that threat actors accessed the PowerSchool customer support portal using compromised credentials leading up to a significant data breach in December 2024. Hackers exploited this entry point to steal sensitive personal information from students and educators. While PowerSchool has not disclosed the number of affected individuals, estimates suggest that around 70 million may have had their data compromised.
Affected: PowerSchool, various US and Canadian school districts
Keypoints :
- Threat actors used compromised maintenance account credentials to access the PowerSource portal and steal data.
- Personal information stolen includes names, contact details, dates of birth, medical information, and Social Security numbers.
- CrowdStrike found no evidence of the stolen data being sold on the dark web.
- PowerSchool engaged CyberSteward, indicating a possible ransom payment to prevent data leaks.
- The same compromised credentials were used in prior unauthorized access attempts without clear links to the December incident.
Source: https://www.securityweek.com/powerschool-portal-compromised-months-before-massive-data-breach/