Hacker used the PowerSchool student information system (SIS) platform to steal the personal information of teachers and students from different school districts.
PowerSchool is a cloud-based software tool private international schools particularly K-12 schools use to centralise access for administrators. This AI-driven platform specialising in education services allows authorised users to view detailed information about students.
BleepingComputer reported that it obtained the information on the PowerSchool breach after customers were notified of the cybersecurity incident on Tuesday afternoon [January 9, 2025].
The teacher and student information stolen particularly in the cyber attack comprised their contact details including names and addresses.
As one of the largest student information system vendors, PowerSchool has been criticised for allegedly violating their signed data privacy agreements with school districts according to a school CTO's comments on EI Reg.
Canon-McMillan, a district using the PowerSchool platform explained to parents in an official letter that the compromised credentials of PowerSchool employees’ were used to access data through a backend support system.
Since Canon-McMillan doesn't store teacher, student or parent social security numbers on the targeted system, that sensitive information continues to be protected.
The school district also noted that contact information, health alerts, and grades for current and former students may have been accessed. Parent/guardian names and addresses may also be compromised.
Cybersecurity Breach Targets PowerSchool SIS
Details of the data theft still remain to be unbeknownst to the public. However, there’s a possibility that some of the information stolen from certain districts might have also included the victim’s Security numbers (SSNs), personally identifiable information (PII), medical information, and grades.
This digital platform harbours the personal data of over 60 million students and over 18,000 customers across the globe.
PowerSchool told the users that they first became aware of the breach on December 28, 2024, when they realised that threat actor/s stole PowerSchool SIS customer information via its PowerSource customer support platform.
The cloud system’s SIS was targeted in the attack. This system was used to manage student records, grades, attendance, enrollment, and more.
"As a main point of contact for your school district, we are reaching out to make you aware that on December 28, 2024, PowerSchool became aware of a potential cybersecurity incident involving unauthorised access to certain information through one of our community-focused customer support portals, PowerSource,” the notification read according to Bleeping Computer.
Must Read: Casio Cyber Attack Exposed Data of 8500 People
Also Read: UN Agency Investigating Security Breach After Hacker Claims Data Theft
Compromised Credentials Used to Hack
Investigations uncovered that the hacker/s used already compromised credentials to steal sensitive data.
They were able to optimise the “export data manager” customer support tool to carry out data theft.
"The unauthorised party was able to use a compromised credential to access one of our community-focused customer support portals called PowerSource," said PowerSchool.
"PowerSource contains a maintenance access tool that allows PowerSchool engineers to access Customer SIS instances for ongoing support and to troubleshoot performance issues," the company told Bleeping Computer.
The hacker was able to exploit the compromised login details of an authorised user to not only gain access to the PowerSchool system but also access specific databases. The attacker then exported the ‘Students’ and Teachers’ database in the form of CSV files.
The cloud company has since confirmed the data theft.
PowerSchool is known for offering comprehensive security aiming to help school districts function better. Their cloud system administrators with lodging tasks related to enrollment, communications, attendance, staff management, learning systems, analytics, as well as finance.
School districts have heavily relied on such a tool. In addition to schools, the company runs Naviance, a platform used by many K-12 districts in the US that offers personalised college, career, and life readiness planning tools to students.
Read: Taiwan Cyber Attacks Doubled in 2024, Report Cites Chinese Cyber Force
