In This Article:
This story was originally published on K-12 Dive. To receive daily news and insights, subscribe to our free daily K-12 Dive newsletter.
Dive Brief:
-
PowerSchool became aware of a “potential” cybersecurity incident on Dec. 28 involving the unauthorized access of some student and staff information through its PowerSource service, the company confirmed to K-12 Dive on Thursday. PowerSource is a customer support portal for district and school staff.
-
A PowerSchool spokesperson said in an emailed statement that “the incident is contained and we do not anticipate the data being shared or made public.” The company said the incident was not a ransomware attack.
-
When asked about the scope of this data breach, PowerSchool did not comment on the number of students, teachers or school districts impacted by the incident. A growing number of districts — including San Diego Unified School District and Massachusetts’ Lenox Public Schools — are publicly reporting they’ve been alerted by PowerSchool that their data was accessed by the threat actor.
Dive Insight:
The hacker is believed to have gained unauthorized access to two tables with family and teacher information from PowerSchool’s Student Information System database, the company said.
That includes personally identifiable data such as contact information like the names and addresses of families and educators. For some teachers and families, information like Social Security numbers and medical data were also exposed.
PowerSchool’s cloud-based systems are used by over 55 million students and 17,000 educational customers in more than 90 countries.
As PowerSchool is reaching out to affected schools, local news reports are rolling out in various parts of the nation regarding the company’s notifications to school districts they’ve been impacted by the data breach. This includes statewide reports from the North Carolina Department of Public Instruction and the Alabama Department of Education.
Evidence suggests the data breach occurred after an unauthorized party used a compromised credential to access PowerSource, according to the PowerSchool spokesperson.
In a Thursday webinar with school district officials, PowerSchool officials noted they’re still investigating how those credentials were compromised. However, it appears that the credentials were available on the dark web for a “period of time well before the attack,” said Mishka McCowan, vice president of information security and CISO of PowerSchool, during Thursday's webinar.