1. Forum
  2. FIDO
  3. POLITICS

  • PowerSchool hit by cybera

    From Mike Powell@1:2320/105 to All on Thu Jan 9 09:21:00 2025
    PowerSchool hit by cyberattack which saw student and teacher data stolen

    Date:
    Wed, 08 Jan 2025 19:35:00 +0000

    Description:
    The company paid to have the data deleted.

    FULL STORY

    PowerSchool, a major education technology software platform for K-12 schools, has confirmed suffering a cyberattack resulting in the theft of sensitive student and teacher information. Furthermore, the company decided to pay a ransom demand to have the data deleted.

    In late December 2024, an unidentified threat actor used stolen credentials
    to access its PowerSchool Student Information System (SIS) platform. From there, they were able to use the export data manager" customer support tool
    to exfiltrate Students and Teachers database tables to a CSV file, which was then stolen.

    The information grabbed in this attack includes names, and postal addresses, and in some districts, the threat actors also obtained Social Security
    numbers (SSN), personally identifiable information (PII), medical
    information, and grades.

    A ransomware attack

    PowerSchool notified the affected individuals via a breach notification
    letter, and stressed that not all PowerSchool SIS customers were impacted.

    Only a subset of customers received the update, with a PowerSchool
    spokesperson adding items such as customer tickets, customer credentials, or forum data were not exposed or exfiltrated.

    We dont know exactly how many people were exposed in the incident, but apparently, the data was deleted.

    PowerSchool said hile this wasnt a ransomware attack, it still paid the attackers to have the data wiped.

    "With their guidance, PowerSchool has received reasonable assurances from the threat actor that the data has been deleted and that no additional copies exist." The publication asked the company how much money it paid for this,
    but did not get a straight answer: "Given the sensitive nature of our investigation, we are unable to provide information on certain specifics."

    In recent times, some ransomware operators stopped deploying the encryptor
    and started focusing solely on data exfiltration, since its cheaper, easier, and more convenient, with the same end result.

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/powerschool-hit-by-cyberattack-which-sa w-student-and-teacher-data-stolen

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)