CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Data Breaches

PowerSchool Portal Compromised Months Before Massive Data Breach

Hackers used compromised credentials to access PowerSchool’s PowerSource portal months before the December 2024 data breach. The post PowerSchool Portal Compromised Months Before Massive Data Breach appeared first on SecurityWeek.

PowerSchool data breach

Threat actors accessed the customer support portal of education tech giant PowerSchool several months before the massive December 2024 data breach, cybersecurity firm CrowdStrike says.

In January, PowerSchool revealed that hackers had stolen personal information from its Student Information System (SIS) environments, which were accessed through the PowerSource community-focused customer support portal.

Using compromised credentials for a maintenance account, the hackers stole names, contact details, dates of birth, medical information, Social Security numbers, and other information of both students and educators.

PowerSchool has not shared information on the number of potentially impacted individuals, but multiple school districts in the US and Canada said that the attackers stole all their historical data from the SIS service and reports suggest that roughly 70 million people might be affected.

A fresh CrowdStrike report (PDF) summarizing the findings of their investigation into the incident does not clarify how many individuals had their personal information stolen, but shows that the data has not appeared on sale on the dark web.

As the Menlo Park City School District (MPCSD) pointed out in a January incident notice, it may be because PowerSchool engaged with CyberSteward to negotiate with the hackers and likely paid a ransom to ensure that the data is not leaked publicly.

CrowdStrike’s report also confirms that the attackers used compromised credentials for a maintenance account to access PowerSchool’s SIS service through the PowerSource portal, and to steal student and educator information between December 19 and December 28.

Additionally, the report shows that the same compromised credentials were used between August 16 and September 17, 2024, to access the PowerSchool PowerSource portal, but it does not link the two intrusions.

“CrowdStrike did not find sufficient evidence to attribute this activity to the threat actor responsible for the activity in December 2024. The available SIS log data did not go back far enough to show whether the August and September activity included unauthorized access to PowerSchool SIS data,” the report reads.

CrowdStrike found no evidence of unauthorized activity in PowerSchool’s environment after December 28, of a malware infection, of system compromise, or of other PowerSchool customer IT environments being accessed or at risk of compromise.

“CrowdStrike did not identify any new or concerning findings beyond what we already shared,” PowerSchool notes in a March 7 update to its incident notice.

Related: Many Schools Report Data Breach After Retirement Services Firm Hit by Ransomware

Related: HPE Says Personal Information Stolen in 2023 Russian Hack

Related: New York Sues Insurance Giant Over Data Breaches

Related: 18,000 Organizations Impacted by NTT Com Data Breach

Latest News

CYBERNEWSMEDIAPublisher