What PowerSchool won’t say about its data breach affecting millions of students

We’re only a few months into 2025, but the recent hack of U.S. edtech giant PowerSchool is on track to be one of the biggest education data breaches in recent years.

PowerSchool, which provides K-12 software to more than 18,000 schools to support some 60 million students across North America, first disclosed the data breach in early January 2025.

The California-based company, which Bain Capital acquired for $5.6 billion, said an unknown hacker used a single compromised credential to breach its customer support portal in December 2024, allowing further access to the company’s school information system, PowerSchool SIS, which schools use to manage student records, grades, attendance, and enrollment.

While PowerSchool has been open about some aspects of the breach – for example, PowerSchool told TechCrunch that the breached PowerSource portal did not support multi-factor authentication at the time of the incident – several important questions remain unanswered months on.

TechCrunch sent PowerSchool a list of outstanding questions about the situation, which potentially affects millions of students.

PowerSchool spokesperson Beth Keebler declined to answer our questions, saying that all updates related to the breach would be posted on the company’s incident page. On January 29, the company said it began notifying individuals affected by the breach and state regulators.

Many of the company’s customers also have outstanding questions about the breach, forcing those affected to work together to investigate the hack.

In early March, PowerSchool published its data breach post-mortem, as prepared by CrowdStrike. While many of the details in the report were known, CrowdStrike confirmed that a hacker had access to PowerSchool’s systems as early as August 2024.

Here are some of the questions that remain unanswered.

PowerSchool hasn’t said how many students or staff are affected

TechCrunch has heard from PowerSchool customers that the scale of the data breach could be “massive.” But PowerSchool has repeatedly declined to say how many schools and individuals are affected, despite telling TechCrunch that it had “identified the schools and districts whose data was involved in this incident.”

Bleeping Computer, citing multiple sources, reported in January that the hacker responsible for the PowerSchool breach accessed the personal data of more than 62 million students and 9.5 million teachers.

When asked by TechCrunch, PowerSchool declined to confirm whether this number was accurate.

PowerSchool’s filings with state attorneys general and communications from breached schools, however, suggest that millions of people likely had personal information stolen in the data breach.

In a filing with the Texas attorney general, PowerSchool confirmed that almost 800,000 state residents had data stolen. A January filing with Maine’s attorney general said at least 33,000 residents were affected, but this has since been updated to say the number of impacted individuals is “to be determined.”

The Toronto District School Board, Canada’s largest school board that serves approximately 240,000 students each year, said the hacker may have accessed some 40 years’ worth of student data, with the data of almost 1.5 million students taken in the breach.

California’s Menlo Park City School District also confirmed the hacker accessed information on all current students and staff – which respectively number around 2,700 students and 400 staff – as well as students and staff dating back to the start of the 2009-10

PowerSchool hasn’t said what types of data were stolen

Not only do we not know how many people were affected, but we also do

In a communication shared with customers in January, seen by TechCrunch, PowerSchool said the hacker stole “sensitive personal information” on students and teachers, including students’ attendance, and demographics. The company’s incident page also states that stolen data may have included Social Security numbers and medical data, but says that “due to differences in customer requirements, the information exfiltrated for any given individual varied across our customer base.”

TechCrunch has heard from multiple schools affected by the incident that “all” of their historical student and teacher data was compromised.

One person who works at an affected school district told TechCrunch that the stolen data includes highly sensitive student data, such as information about parental access rights, restraining orders, and information about when certain students need to take their medicines.

A source speaking with TechCrunch in February revealed that PowerSchool has provided affected schools with a “SIS Self Service” tool that can query and summarize PowerSchool data to show what data is stored in their systems. PowerSchool told affected schools, however, that the tool “may not precisely reflect data that was exfiltrated at the time of the incident.”

It’s not known if PowerSchool has its own technical means, such as logs, to determine which types of data were stolen from specific school districts.

PowerSchool won’t say how much it paid the hacker responsible for the breach

PowerSchool told TechCrunch that the organization has taken “appropriate steps.” In the communication shared with customers, the company confirmed that it worked with a cyber-extortion incident response company to negotiate with the threat actors responsible for the breach.

This all but confirms that PowerSchool paid a ransom to the attackers that breached its systems. However, when asked by TechCrunch, the company refused to say how much it paid, or how much the hacker demanded.

We don’t know what evidence PowerSchool received that the stolen data has been deleted

PowerSchool’s Keebler told TechCrunch that the company “does not anticipate the data being shared or made public” and that it “believes the data has been deleted without

However, the company has repeatedly declined to say what evidence it has received to suggest that the stolen data has been deleted. Early reports said the company received video proof, but PowerSchool wouldn’t confirm or deny when asked by TechCrunch.

Even then, proof of deletion is by no means a guarantee that the hacker is not still in possession of the data; the U.K.’s recent takedown of the LockBit ransomware gang unearthed evidence that the gang still had data belonging to victims who had paid a ransom demand.

The hacker behind the data breach is not yet known

One of the biggest unknowns about the PowerSchool cyberattack is who was responsible. The company has been in communication with the hacker but has refused to reveal their identity, if known. CyberSteward, the Canadian incident response organization that PowerSchool worked with to negotiate, did not respond to TechCrunch’s questions.

CrowdStrike’s forensic report leaves questions unanswered

Following PowerSchool’s release of its CrowdStrike forensic report in March, one person at a school affected by the breach told TechCrunch that the findings were “underwhelming.”

The report confirmed the breach was caused by a compromised credential, but the root cause of how the compromised credential was acquired and used remains unknown.

Marc Racine, chief executive of the Boston-based education technology consulting firm Rooted Solutions, told TechCrunch that while the report provides “some detail,” it is not enough to “understand what went wrong.”

It’s not known exactly how far back PowerSchool’s breach actually goes

One new detail in the CrowdStrike report is that a hacker had access to PowerSchool’s network between August 16, 2024, and September 17, 2024.

The access was gained using the same compromised credentials used in December’s breach, and the hacker accessed PowerSchool’s PowerSource, the same customer support portal compromised in December to gain access to PowerSchool’s school information system.

CrowdStrike said, however, that there is not enough evidence to conclude this is the same threat actor responsible for December’s breach due to insufficient logs.

But the findings suggest that the hacker – or multiple hackers – may have had access to PowerSchool’s network for months before the access was detected.

Do you have more information about the PowerSchool data breach? We’d love to hear from you. From a non-work device, you can contact Carly Page securely on Signal at +4444 1536 853968 or via email at carly.page@techcrunch.com.
