By Nermeen Nabil Khear 
- PowerSchool said that in late December, threat actors accessed its student information system and stole data on students and teachers
- We don’t know exactly how many people were affected by the breach
- The data was allegedly deleted
PowerSchool, a major education technology software platform for K-12 schools, has confirmed suffering a cyberattack resulting in the theft of sensitive student and teacher information. Furthermore, the company decided to pay a ransom demand to have the data deleted.
In late December 2024, an unidentified threat actor used stolen credentials to access its PowerSchool Student Information System (SIS) platform. From there, they were able to use the “export data manager” customer support tool to exfiltrate “Students” and “Teachers” database tables to a CSV file, which was then stolen.
The information grabbed in this attack includes names, and postal addresses, and in some districts, the threat actors also obtained Social Security numbers (SSN), personally identifiable information (PII), medical information, and grades.
A ransomware attack
PowerSchool notified the affected individuals via a breach notification letter, and stressed that not all PowerSchool SIS customers were impacted.
Only a subset of customers received the update, with a PowerSchool spokesperson adding items such as customer tickets, customer credentials, or forum data were not exposed or exfiltrated.
We don’t know exactly how many people were exposed in the incident, but apparently, the data was deleted.
PowerSchool said hile this wasn’t a ransomware attack, it still paid the attackers to have the data wiped.
“With their guidance, PowerSchool has received reasonable assurances from the threat actor that the data has been deleted and that no additional copies exist.” The publication asked the company how much money it paid for this, but did not get a straight answer: “Given the sensitive nature of our investigation, we are unable to provide information on certain specifics.”
In recent times, some ransomware operators stopped deploying the encryptor and started focusing solely on data exfiltration, since it’s cheaper, easier, and more convenient, with the same end result.
Via BleepingComputer
You might also like
- Ecommerce sites targeted by Magento payment system hack
- Here’s a list of the best antivirus tools on offer
- These are the best endpoint protection tools right now
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.