Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
This is only February, but we have the potential to become one of the greatest violations of the EDTECH giant Powerschool.
PowerSchool, which provides K-12 program to more than 18,000 schools to support every 60 million students in North America, confirmed the violation in early January. California based company, In 2024, which Bain capital was taken for $ 5.6 billionHackers used discounted credentials to apply for the company’s school information system, students to access additional access to the school information system, students used by students for students, prices, participants and registration.
“On December 28, 2024, certain forces were one of our portals with one of our fascinates, PowerShorce, PowerShool spokesman Beth Keebler reported.
PowerSchool is open on some aspects of the violation. Keebler Techcrunch said, for example, Powersource portal no support Multi-factor identification during the incident, and the school of authority did. However, a number of important questions remain unanswered.
TechCrunch told millions of students in the United States, explaining the list of prominent questions about the potential of the incident, which has the potential of the incident, which has the potential of the incident, said that all updates related to violation will be placed Company event. On January 29 the company said that Began to report physical affected by violation and state regulators.
PowerSchool told customers that the cybertecurity firm of cyberstrique will report to the cibreturity firm to investigate the violation of the company in mid-January. However, several sources working in schools affected by blurry, they said they did not accept Techcrunch yet.
The company’s customers also have many unanswered questions, to force those who are affected by the violation to work each other to explore the hacki.
Here are the questions left unanswered.
How much school, or student, not known to be affected
TechCrunch heard from schools affected by Thanksgiving, the scale can be “massive”. However, Powerschool, TechCrunch to say that “the data identified the schools and districts in this incident,” said PowerSchool, repeatedly refused to say how many schools and people affected.
Crazy computerAccording to more than one source, the hacker, who was responsible for the violation, received more than 62 million students and 9.5 million teachers. Powerschool repeatedly rejected whether this number is accurate.
When PowerSchool does not give a number, the company’s recent documents, the latest documents, in general, show that millions are stolen. For example, in a document with the Prosecutor General of Texas, PowerSchool confirms that almost 800,000 state residents are stolen.
The communication of the written school regions gives a general idea of the size of the violation. Toronto District School School (PTSD), the largest school staff served by Canada about 240,000 students every year, He said hacker May have 40 years of student data, Almost 1.5 million students were broken by the data. Similarly, California Menlo Park City School District confirmed Hacker, all current students and employees learned – about 2,700 students and 400 employees, as well as students and employees in the early 2009-10 academic year.
We still do not know what types of data are stolen
We do not know how many people do not affect, but do not know how much and what information they will enter during the violation.
In January, in January, in January, he confirmed that students and teachers stole “sensitive personal information”, including the company’s prices, attendance and demographics of the company. The company’s event page can include social security numbers and medical information of stolen data, but because of the differences in customer requirements, the information that is exclaiming data for any person, the customer changes in our customer base. “
There is also techcrunch I heard “All” of historical students and teacher information from more than one school affected by the incident was broken.
A person who works in a school district affected, includes information about the rights of stolen data, including parents, including parents, including certain students.
In February, a source talking to TechCrunch, PowerSchool reveals that Powerschool provides affected schools with the tool that can survey and summarize Customer information in its systems. Powerschool said to effective schools that the vehicle “cannot accurately reflect the information outdated during the event.”
PowerChool is not known to have their own technical means, to determine which type of data is stolen from private school regions.
Powerschool said how much hacker paid for the violation
Powerschool Techcrunch told the organization “appropriate steps” to prevent the release of the stolen data. In shared communications shared with clients, the company confirmed that he was working with a reaction company in connection with the cyber usurpation event to negotiate with the actors responsible for this violation.
All this confirms that the attackers violating the system of authorities. However, when asked by TechCrunch, the company refused to say how much he paid or how much hacker demands.
We do not know what evidence of PowerSchool proving what stolen data has been deleted
PowerSchool’s Keebler Techcrunch company “does not expect data to be shared or disclosed to the public,” he said, he believed that it thought it was elsewhere or spreading or spreading.
However, the company repeatedly refused to say which evidence was taken to suggest that the stolen information was deleted. Timely report He said the company received video evidence, but said he would not be confirmed or denied when asked by Powererschool Techcrunch.
Even then the evidence of deletion is to guarantee that the hacker is still not available; The last time England’s locking ransomware gang took the Takedown Nigway The network still had data owned by victims that require a ransom.
We still do not know who is behind the attack
One of the greatest unknowns about Powerschool Cyberattack is responsible. The company communicated with a hacker, but if known, he refused to identify their identities. Kiberyeward, Canadian incident reaction organization, working to negotiate with Powerchool, did not answer Techcrunch questions.
The results of the crowdstritch of the Crowdstrik remain a secret
Powerschool works with a reaction firm associated with the event to explore the violation. The results of PowerSchool customers on January 17, said the results of the security company will be announced. However, the report said that they still did not see information about the unpublished and affected school districts. Crowdstrike refused to comment when asked by Techcrunch.
Crowdstrike spread a temporary report in January where Techcrunch saw, but there are no new details about violation.
Do you have more information about PowerSchool data breach? We would like to hear from you. From an unemployed device, Carly page can contact a secure signal in a secure signal +44 1536 853968 or via email carly.page@techcrunch.com.
