In recent years, multiple types of cyberattacks have become commonplace against educational facilities — particularly ransomware. The education sector has been reported to have the highest ransomware attack rate.
Cyberattackers might choose to directly exploit an educational facility. Another approach is to use a supply chain attack and exploit a tool the schools use. That’s what happened in December 2024, when education technology company PowerSchool was breached.
Headquartered in Folsom, Calif., PowerSchool is a leading provider of cloud-based software for K-12 education in North America. The company’s SaaS platform provides services for multiple aspects of education, including student information systems, learning management and analytics.
PowerSchool serves over 18,000 school organizations across 90 countries, supporting the activities of over 60 million students. PowerSchool’s wide deployment and usage put many educational facilities and their student communities at risk. This incident has raised serious concerns about data security in the education sector and the potential long-term consequences for affected students and staff.
On Dec. 28, 2024, PowerSchool claimed it first discovered unauthorized access to its systems. According to PowerSchool, the attackers gained initial access through the company’s community-focused customer support portal, PowerSource.
The breach allowed hackers to access the PowerSchool Student Information System (SIS), a central database containing a wealth of student and staff data.
PowerSchool didn’t begin to communicate with customers about the data breach until Jan. 7, 2025.
PowerSchool hired cybersecurity vendor CrowdStrike to help investigate the alleged attack. PowerSchool paid some form of fee to the attackers to keep the data from being released. Because PowerSchool paid these threat actors to destroy the stolen data, this incident is an extortionware event.
The early investigation into the attack provides some clues as to how the attack happened.
Cyberattackers compromised or used a credential to access PowerSchool’s PowerSource customer support portal. It is not yet clear how the attackers were able to compromise the credentials, though credential theft is a relatively common attack. Credentials can potentially be stolen in any number of different ways, including phishing and social engineering attacks.
The PowerSource customer support portal that the cyberattacker accessed contained a maintenance tool that allowed PowerSchool engineers to access customer SIS instances for support and troubleshooting performance issues.
Once inside the system, the attackers accessed the export data management customer support tool to extract data from the PowerSchool SIS students’ and teachers’ database tables.
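The access pattern described above, a support or maintenance session exporting the students and teachers tables, is something a district can look for in its own audit trail. The following is an added example, not code or a log format from PowerSchool: the log layout, account names, ticket field and row threshold are all assumptions made for illustration.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample audit log in a hypothetical format (not PowerSchool's):
# timestamp,actor,session_type,ticket,action,table,rows
SAMPLE_LOG = """\
2025-06-01T14:02:11Z,support-eng-07,maintenance,TCK-1001,view,Students,1
2025-06-01T14:05:40Z,support-eng-07,maintenance,TCK-1001,export,Attendance,120
2025-06-03T03:14:09Z,support-eng-12,maintenance,,export,Students,48210
2025-06-03T03:16:55Z,support-eng-12,maintenance,,export,Teachers,3120
2025-06-03T09:30:00Z,registrar-a,user,,export,Students,35
"""

SENSITIVE_TABLES = {"Students", "Teachers"}  # the tables the article names

def flag_maintenance_exports(log_text, row_threshold=1000):
    """Return alerts for maintenance-session exports of sensitive tables."""
    totals = defaultdict(lambda: {"rows": 0, "tables": set(), "no_ticket": False})
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 7:
            continue  # skip blank or malformed lines
        ts, actor, session, ticket, action, table, rows = row
        if session != "maintenance" or action != "export" or table not in SENSITIVE_TABLES:
            continue
        entry = totals[(actor, ts[:10])]  # aggregate per actor per UTC day
        entry["rows"] += int(rows)
        entry["tables"].add(table)
        entry["no_ticket"] |= not ticket.strip()  # support access with no open ticket
    alerts = []
    for (actor, day), e in sorted(totals.items()):
        reasons = []
        if e["no_ticket"]:
            reasons.append("no support ticket")
        if e["rows"] >= row_threshold:
            reasons.append(f"bulk export ({e['rows']} rows)")
        if reasons:
            alerts.append({"actor": actor, "day": day,
                           "tables": sorted(e["tables"]), "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in flag_maintenance_exports(SAMPLE_LOG):
        print(alert)
```

Routine support activity (a ticketed view or a non-sensitive export) and ordinary staff exports produce no alert; only the unticketed bulk export by the maintenance session is flagged.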
According to PowerSchool, the December 2024 security incident specifically affected a subset of institutions using PowerSchool’s SIS. Schools and districts that don’t use PowerSchool SIS were not impacted by this incident.
While the exact number of affected individuals remains unknown, the scale of the breach is significant, given PowerSchool’s extensive user base. Given the widespread usage of PowerSchool SIS across North America, the data breach potentially impacted millions of students and teachers.
According to PowerSchool’s public disclosure, the breach exposed personally identifiable information (PII) for a portion of individuals. The affected individuals fall into two main categories:
Some school districts reported that historical data was compromised, so past staff and students were also affected.
While the total volume of stolen data has not been publicly disclosed, PowerSchool has shared some types of stolen data.
Data stolen in the breach is comprised of PII for students, parents and educators including the following:
According to PowerSchool, there’s no evidence that banking or credit card information was compromised.
PowerSchool will provide identity protection services for students and educators and credit monitoring services for affected adults.
While full details on the attack have not yet been publicly revealed, there are some indications and disclosures that provide insight into the timeline of the attack:
The full scope of the breach remains under investigation, with PowerSchool working alongside law enforcement at the FBI and security vendor CrowdStrike to uncover who was behind the attack.
The company has not publicly attributed the incident to a specific hacker or group, and many details about how the attackers initially obtained the credentials used to access the support portal remain unclear.
The PowerSchool data breach has a broad impact on students, educators and educational institutions:
There is no shortage of cybersecurity events involving the education sector. In 2024, the education sector was a prime target for cybercriminals with several high-profile attacks affecting schools and universities across North America.
Here’s an overview of significant education-related cyberattacks in 2024.
Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He has pulled Token Ring, configured NetWare and been known to compile his own Linux kernel. He consults with industry and media organizations on technology issues.
All Rights Reserved, Copyright 1999 – 2025, TechTarget