PowerSchool Breach and Cybersecurity Checklist

What happened?

On December 28, Edtech giant PowerSchool became aware of a data breach. In the following weeks, they warned their customers about a data breach that exposed highly sensitive information, including student Social Security numbers, grades, and medical information. The breach, which occurred in December, was discovered when hackers accessed PowerSchool’s internal customer support portal using a stolen credential. The affected data included contact details, and other personally identifiable information of students, teachers, parents, and guardians.

PowerSchool, the largest provider of cloud-based education software for K-12 education in the U.S., confirmed that the breach affected users of its school information system used by over 16,000 customers and supporting more than 50 million students across North America. Although the breach was not ransomware-related, PowerSchool worked with CyberSteward to negotiate with the hackers to prevent the publication of the stolen data. While PowerSchool stated that the data has been deleted, it did not provide evidence to support this claim. The company was acquired by Bain Capital in 2024 for $5.6 billion.

Why is it important?

Student and Staff Safety: Exposure of Social Security numbers, grades, and medical information puts students at risk of identity theft and fraud.

Widespread Impact: With over 50 million students affected, the breach impacts a vast number of individuals in the educational community, including teachers, parents, and guardians.

Trust in Technology: Schools and districts must be wary of their third-party connections to software and how their data is managed by those vendors.

Legal and Compliance Issues: Schools must adhere to data protection regulations, and breaches can lead to legal consequences and fines.

Resource Allocation: Schools may need to divert resources to address the breach’s impact, such as implementing new security measures and supporting affected individuals.

Since the education sector holds so much personal data, especially when it comes to a communication system, taking the proper measures to ensure no further fallout from this breach affects any end users or organizations is crucial.

How SpearTip can help

In a notification shared with BleepingComputer.com, PowerSchool provided the following to customers:

“As a main point of contact for your school district, we are reaching out to make you aware that on December 28, 2024 PowerSchool became aware of a potential cybersecurity incident involving unauthorized access to certain information through one of our community-focused customer support portals, PowerSource.”

SpearTip’s 24/7 Security Operations Center, operating through holidays, allows us to have insight into environments at all times, continually working to detect and respond to potentially malicious threats.

“Threat actor gained access to the portal using compromised credentials and stole data using an “export data manager” customer support tool.”

Stolen credentials can be tough to prevent, however, SpearTip offers multiple ways to identify implementation for stronger controls, multi-factor authentication, and identity management which could have been uncovered in the performance of an assessment.

If your organization ever experiences an incident or suspects one, be sure to call our breach response hotline at [email protected] or call 833.997.7327 for incident management and handling. Use our guide on the next page for more information.

Security Checklist

If you answer yes or unknown, first check with your IT or Security Teams,