Who:
Hacker targeting PowerSchool, a K-12 education tech provider.
Over 62.4 million students and 9.5 million teachers reportedly affected.
What:
Threat actor used stolen credentials to access PowerSchool’s PowerSource customer portal.
Leveraged a maintenance tool to download student and teacher data from PowerSIS databases.
Exfiltrated data includes Social Security Numbers, medical records, and grades (varies by district).
PowerSchool paid a ransom to prevent the public leak of stolen data.
Impact:
6,505 school districts across the U.S., Canada, and other regions affected.
Largest affected districts include Toronto District School Board, Dallas ISD, and Peel District School Board.
PowerSchool claims over three-quarters of impacted individuals did not have Social Security Numbers exposed.
Data exposure risks identity theft, financial fraud, and reputational harm.
Mitigation:
PowerSchool is offering:
Two years of free identity protection and credit monitoring for affected individuals.
Notification assistance to stakeholders, including state attorneys general and impacted districts.
Customers urged to monitor PowerSchool’s dedicated public update site for developments.
Read the full article HERE