Summary: PowerSchool has released a CrowdStrike investigation report detailing a significant data breach that initially occurred in August and September 2024, affecting the sensitive information of millions of students and teachers. The breach involved unauthorized access to PowerSchool’s customer support portal, exposing critical personal data and raising concerns about the lack of transparency regarding the number of individuals impacted. Although the threat actors reportedly refrained from leaking stolen data after an extortion payment, the extent of the breach remains alarming and unclear.
Affected: PowerSchool, K-12 education institutions
Keypoints :
- PowerSchool experienced a data breach affecting data of up to 72 million individuals, including students and teachers.
- Unauthorized access was gained through compromised credentials to the PowerSource portal, enabling data exfiltration.
- The breach impacted 6,505 school districts worldwide, with a total of over 62 million students and 9.5 million teachers involved.