PowerSchool Breach Exposes Millions of Sensitive Student and Teacher Records

January 17, 2025

Cybercriminals spare no industry, targeting sectors like healthcare, insurance, automotive, and education. Healthcare has been a frequent target, with attacks like the Ascension breach last year and the CVR incident in late 2024. Now, the education technology giant PowerSchool has become the latest target, with records of millions of students and teachers stolen. While the exact number of affected individuals remains unknown, the scale of the breach is alarming.

PowerSchool serves 18,000 customers worldwide, including schools in the US and Canada, managing grading, attendance, and personal information for over 60 million K-12 students and teachers. On January 7, PowerSchool revealed the breach to its customers. The company discovered the breach on December 28, 2024, when customer data from its PowerSchool SIS platform was stolen through the PowerSource support portal. This breach highlights the critical importance of cybersecurity in any industry, especially where sensitive and personal information is involved.

1. How did hackers target PowerSchool?

Hackers used stolen credentials to gain access to the PowerSource support portal and exploited the “export data manager” tool to steal information. PowerSchool SIS is a student information system used for managing grades, attendance, enrollment, and other student records. With these stolen credentials, the hackers accessed the PowerSource portal and used it as an entry point to export the data they aimed to steal.

Interestingly, this breach was neither a ransomware attack nor due to software flaws but was a straightforward network break-in. PowerSchool has engaged a third-party cybersecurity firm to investigate the breach, determine exactly what occurred, and identify the impacted individuals. According to the company, the stolen data came from the “Students” and “Teachers” database tables, which were exported to CSV files and subsequently stolen by the attackers. This data breach is a stern reminder of the need for robust security measures in these systems.

2. What data got stolen?

The breached PowerSource portal includes features allowing engineers access to customer systems for support and troubleshooting. The attacker exploited this feature to export the PowerSchool SIS “Students” and “Teachers” database tables to a CSV file, resulting in data theft. The stolen data primarily includes contact details like names and addresses; however, for some districts, it also encompasses sensitive information such as Social Security numbers (SSNs), personally identifiable information (PII), medical records, and grades.

PowerSchool assured customers that sensitive data such as customer support tickets, credentials, and forum data were not accessed or stolen during the breach. Additionally, not all SIS customers were affected – only a subset of customers might need to notify those impacted. PowerSchool communicated that the likelihood of the data being shared or made public was low since they believed it had been deleted without replication or dissemination. To contain the breach, they deactivated the compromised credentials and restricted portal access, alongside full password resets and tightening password and access controls.
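For administrators, the pattern described above (a remote-support account exporting the “Students” and “Teachers” tables in bulk) is something an export audit trail can be checked for. The following is an added example, not code from PowerSchool or from the original article; the log format, account names, approved support window and row threshold are all constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample audit log (hypothetical format, not PowerSchool's real schema).
SAMPLE_LOG = """\
timestamp,account,account_type,action,table,rows
2025-03-03T14:02:11,jdoe_registrar,district,export,Students,42
2025-03-08T03:17:45,support_maint,remote_support,export,Students,18250
2025-03-08T03:19:02,support_maint,remote_support,export,Teachers,1340
2025-03-10T10:30:00,support_maint,remote_support,export,Attendance,500
2025-03-12T15:05:30,support_maint,remote_support,export,Students,12
"""

# Constructed: time windows in which the district approved remote support access.
APPROVED_WINDOWS = [
    (datetime(2025, 3, 12, 15, 0), datetime(2025, 3, 12, 17, 0)),
]

SENSITIVE_TABLES = {"Students", "Teachers"}  # the tables named in the article
BULK_ROWS = 1000  # assumed threshold; tune to the district's normal export size


def in_approved_window(ts, windows):
    """True if the timestamp falls inside any approved support window."""
    return any(start <= ts <= end for start, end in windows)


def find_suspicious_exports(log_text, windows=APPROVED_WINDOWS):
    """Return (row, reasons) for sensitive-table exports that need review."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "export" or row["table"] not in SENSITIVE_TABLES:
            continue
        reasons = []
        ts = datetime.fromisoformat(row["timestamp"])
        if row["account_type"] == "remote_support" and not in_approved_window(ts, windows):
            reasons.append("remote-support export outside approved window")
        if int(row["rows"]) >= BULK_ROWS:
            reasons.append("bulk export")
        if reasons:
            findings.append((row, reasons))
    return findings


if __name__ == "__main__":
    for row, reasons in find_suspicious_exports(SAMPLE_LOG):
        print(row["timestamp"], row["account"], row["table"], row["rows"], "; ".join(reasons))
```

On the constructed log, only the two overnight bulk exports by the support account are flagged; the registrar's small export and the support export made inside the approved window are not.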

3. Regularly review your accounts

In light of the PowerSchool breach, staying vigilant about your personal information is more critical than ever. Regularly reviewing accounts associated with your personal information, such as bank accounts and credit cards, is essential to detect unauthorized transactions or changes. With the surge in cyberattacks targeting various industries, continuous monitoring of online services linked to your email or social media accounts is a proactive measure.

Keeping an eye on your account statements for any unfamiliar activity can help you catch fraudulent activities quickly. Early detection is vital to minimizing potential damage or theft of sensitive information. Additionally, consider signing up for regular alerts or notifications about your account activities to promptly address any suspicious behavior. This can be an effective way to stay ahead of potential misuse of your data.

4. Place a credit freeze

If sensitive information like your Social Security number (SSN) has been compromised, consider placing a credit freeze with major credit bureaus such as Equifax, Experian, and TransUnion. A credit freeze can prevent potential identity thieves from opening new accounts in your name, safeguarding your financial profile. This measure effectively blocks lenders from accessing your credit report, thus preventing unauthorized credit applications.

Taking this step immediately upon learning that your sensitive data might be exposed allows you to control who can view your credit information. Credit freezes are free and easily reversible when needed, making them a practical option to protect your credit standing. By blocking unauthorized access, you can mitigate the risks of identity theft and fraudulent financial activities.

5. Utilize identity protection services

PowerSchool is offering affected adults free credit monitoring and minors unspecified identity protection services to mitigate the breach impact. Taking advantage of these identity protection services can alert you to any suspicious activity associated with your personal information and provide support if your identity is stolen. Identity theft protection services offer notifications for unusual activities and suggest preventive measures.

Services like Identity Guard even include identity theft insurance offering up to one million dollars to cover losses and legal fees. They also provide dedicated fraud resolution teams to help victims of identity theft recover any losses. While using such services may come with a subscription fee, the potential benefits and protections they offer make them worth consideration, especially in the wake of a breach involving highly sensitive data.

6. Activate two-factor authentication (2FA)

Strengthening your online account security can greatly reduce the risk of unauthorized access, especially after a breach incident. Wherever possible, activate two-factor authentication (2FA) for all your online accounts. This additional layer of security requires a second form of verification – such as a text code or app-generated token – making unauthorized access to your accounts more difficult.

Cybercriminals frequently use stolen credentials to access accounts, but 2FA requires an additional verification step, making it harder for them to succeed. Implementing 2FA on crucial accounts like banking, email, and social media can drastically minimize the risk of cyberattacks. It adds a formidable barrier that makes your online accounts considerably more secure.

7. Be cautious of phishing links and use robust antivirus software

Breaches often lead to attempts at further exploitation through phishing scams. Cybercriminals may send deceptive emails or texts pretending to be from PowerSchool or your school district, aiming to trick you into giving away more personal information. It is vital to be cautious of clicking on suspicious links in emails or messages. Educating yourself and others about recognizing and avoiding phishing scams is an ongoing defense strategy.

Installing and maintaining robust antivirus software across all your devices is another critical line of defense. Antivirus programs can detect and alert you to phishing emails and ransomware scams, thus protecting your personal information and digital assets. Regularly updating your antivirus software ensures you have the latest security measures in place to fend off potential threats. These steps collectively contribute to a more secure digital presence in an era of increasingly sophisticated cyber threats.

Kurt’s key takeaway

The compromised PowerSource portal includes features that allow engineers to access customer systems for support and troubleshooting, which the attacker exploited to export PowerSchool SIS “Students” and “Teachers” database tables into a CSV file, leading to data theft. The stolen information primarily consists of contact details, such as names and addresses, but for some districts, it also includes sensitive data like Social Security numbers (SSNs), personally identifiable information (PII), medical records, and grades.

PowerSchool reassured customers that sensitive data like customer support tickets, credentials, and forum data were not accessed or stolen during the breach. Furthermore, not all SIS customers were affected—only a specific subset might need to notify the impacted individuals. PowerSchool stated that the likelihood of the stolen data being shared or made public was low, as they believe it was deleted and not replicated or disseminated. In responding to the breach, they deactivated the compromised credentials, restricted portal access, conducted full password resets, and strengthened password and access controls.
