Rumors surrounding a breach of data in PowerSchool have been circulating. After a cyberattack let a hacker gain access to the personal information of many schools globally, students and teachers alike are worried for their data. Were you compromised in this data breach? And what is PowerSchool doing to improve security?
To get the burning question out of the way, there is a chance you were affected by the data breach. In South Carolina, many counties were involved. Notifications were sent out to individuals and school districts involved. Some students within our school have received emails about the breach. Emails are still being sent out and may arrive in the coming weeks, but if you have not gotten an email by now most likely your data is safe.
What if I did receive a notification? If you did receive a notification from either PowerSchool or Experian, you can still be mostly assured of your safety. The hacker asked for ransom to not release the data, which was paid. They then received video confirmation that all the compromised information was deleted. They were also assured that there were no copies. Of course there is some risk nonetheless, but this is most likely the end. Also if you were affected by the breach ,PowerSchool is offering two years free of credit monitoring and identity protection. Information to claim it should be included in the email you received. The service is done through Experian IdentityWorks. The membership will allow you access to information associated with your credit file, crediting monitoring for indicators of fraud, internet surveillance to identify trading or selling of your personal information on the Dark Web, identity restoration to help address credit and non-credit related fraud even after your membership expires, and finally $1 million identity theft insurance. This is required by law to be provided if SSNs were compromised, but it is also being offered to those whose SSNs were not.
What information was made available? In most cases social security numbers were not recorded within the system. PowerSchool estimates that less than 1/4th of the users compromised had their SSNs taken. What was taken varied from person to person, but the main data taken was the individual’s name, contact information, date of birth, and limited medical alert information. That is all that PowerSchool has announced that they are doing to remedy the situation.
What actually happened? On December 24th, 2024 PowerSchool realized that a cyberattack occurred on their customer service platform PowerSource. The threat actor was able to gain access to stolen credentials to log into the company’s customer support portal. PowerSchool engineers are given access to a maintenance access tool on PowerSource for customer student information systems in order to give support and troubleshoot any issues. Through this the attacker was able to export the data in a file that saves data as a table (CSV file). PowerSchool then hired the third party cybersecurity company CrowdStrike to control the situation. CrowdStrike issued rotating passwords for PowerSource customer support portal accounts and added stricter requirements for passwords. PowerSchool also hired CyberSteward which facilitated the negotiation with the threat actor. They ended up paying a ransom – the amount of was not specified – and continue to monitor the Dark Web for any signs of the stolen data. The attack affected 6,505 school districts in the US, Canada, and other countries, 62,488,628 students and 9,506,624 teachers.
In conclusion, this issue is most likely buried and done unless you are still working to gain access to the recompense that PowerSchool provided. Cybersecurity experts were involved and have handled many situations like this. The most likely scenario is that the stolen files have been completely deleted and nothing will come of it. It is always best practice to make sure you are safe on the internet and make sure your data is not circulating the Dark Web. This can be done through a variety of services. Also make sure you have secure passwords especially if your accounts contain access to millions of people’s data. Stay safe online.
https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/
