Education (K-12)
Who:
• Hacker targeting PowerSchool, a K-12 education tech provider.
• Over 62.4 million students and 9.5 million teachers reportedly affected.
What:
• Threat actor used stolen credentials to access PowerSchool’s PowerSource customer portal.
• Leveraged a maintenance tool to download student and teacher data from PowerSIS databases.
• Exfiltrated data includes Social Security Numbers, medical records, and grades (varies by district).
• PowerSchool paid a ransom to prevent the public leak of stolen data.
Impact:
• 6,505 school districts across the U.S., Canada, and other regions affected.
• Largest affected districts include Toronto District School Board, Dallas ISD, and Peel District School Board.
• PowerSchool claims over three-quarters of impacted individuals did not have Social Security Numbers exposed.
• Data exposure risks identity theft, financial fraud, and reputational harm.
Mitigation:
• PowerSchool is offering:
• Two years of free identity protection and credit monitoring for affected individuals.
• Notification assistance to stakeholders, including state attorneys general and impacted districts.
• Customers urged to monitor PowerSchool’s dedicated public update site for developments.
Read the full article HERE
Like