PowerSchool Data Breach Victims Say Hackers Stole 'All' Historical Student and Teacher Data (techcrunch.com)
An anonymous reader shares a report: U.S. school districts affected by the recent cyberattack on edtech giant PowerSchool have told TechCrunch that hackers accessed "all" of their historical student and teacher data stored in their student information systems. PowerSchool, whose school records software is used to support more than 50 million students across the United States, was hit by an intrusion in December that compromised the company's customer support portal with stolen credentials, allowing access to reams of personal data belonging to students and teachers in K-12 schools.
The attack has not yet been publicly attributed to a specific hacker or group. PowerSchool hasn't said how many of its school customers are affected. However, two sources at affected school districts -- who asked not to be named -- told TechCrunch that the hackers accessed troves of personal data belonging to both current and former students and teachers. Further reading: Lawsuit Accuses PowerSchool of Selling Student Data To 3rd Parties.
"edtech giant" (Score:2)
Sounds impressive. Especially the part where they sold the data and blame it now on the "ackers".
As usual, nobody will be held accountable (Score:3)
Wouldn't it be nice if the US was something more than a corporate kleptocracy, and elected representatives gave enough of a damn about their constituents to hold corporations like this accountable for mass data breaches? No doubt PowerSchool has some handy lie about why they held onto data from students no longer in the system. No doubt it will be enough to get them off the hook. The board of directors should be looking at mandatory prison time, and the corporation should be fined into bankruptcy. It won't happen, of course. As long as PowerSchool bribed a few Senators and Congress-chuds...sorry, I meant to say, "made campaign contributions in support of the democratic process", they've got nothing to worry about. Meanwhile, most or all of the personal data any miscreant could wish for on millions of people is now available on the black market.
I'm starting to really understand why some Americans are at the point of taking the law into their own hands.
Not just the US (Score:2)
Re: (Score:2)
Thanks for that. I'm also Canadian, with American and English relatives. I would love to see our Privacy Commissioner take a look at this.
Re: (Score:2)
In my state, we actually have retention laws on student data. This sounds like the sort of thing that would violate those laws; I expect they will be paying my state some money...
Re: (Score:2)
Seems like an indicator of societal erosion/fabric tearing.
Foundational ideals slip and are ignored because:
Those in power only serve those that keep them in power.
Everything else is circus ("let's buy the Moon!", "Maybe you can have an abortion!" or such).
Re: (Score:1)
> No doubt PowerSchool has some handy lie about why they held onto data from students no longer in the system.
It might be a legal requirement. Back in the day of paper records, at least one US state was required by law to retain recent graduates' official records for some small number of years or until the former student reached a certain age, then they were required to destroy almost everything other than the student's transcript and possibly a few other details. The idea was if, 30 years from now, the student wanted to go to college, the high school transcript was available, but not much else.
The "keep for a sm
centralized data (Score:2)
All centralized data is a target for hackers; the payoff is so much more than individuals, or individual companies.
Re: (Score:2)
Which is why 2FA is stupid. While the bad guys will go after the individual person, it is much more profitable to go after the big deposits of data. It's why banks were robbed rather than robbing each person as they left the bank.
This is what you get... (Score:2)
Long and tortuous history of ethics problems, "value extraction", big bonuses for do-nothing execs, etc.
- https://fortune.com/article/ba... [fortune.com]
- https://www.forbes.com/sites/m... [forbes.com]
- https://archive.ph/hrjOD [archive.ph] (https://www.economist.com/finance-and-economics/2012/01/28/bain-or-blessing)
and many more
Re: (Score:2)
Bain is involved? Shit. If they get into a company it's like they can't help but create massive failure. I'll never forgive them for killing that last half-decent toy chain in the US. I still don't wanna grow up, even if the Toys-R-Us business was raped to death by vulture capitalism.
News? (Score:2)
We're getting to the point where stories about which services HAVEN'T been breached are more newsworthy. Your users' data is still secure? Good on you - great job! Their data has been stolen and can be had by anyone willing to pay? Yawn...
I'm being sarcastic to make a point. If this was a years-long wave of tangible property thefts, there would be protests in the streets and possible bloodshed if stopping it wasn't being taken seriously enough. But when it comes to personal data theft, it seems that victims
"Believes" the data has been deleted ... (Score:2)
> "believes the data has been deleted without any further replication or dissemination."
BWAHAHA.
How fucking stupid are these people? Data is the cockroaches of the internet. Chances are it has multiplied behind your back.
--
It is not IF you will be hacked but WHEN.
Re: (Score:2)
Re: (Score:2)
'PowerSchool told TechCrunch last week that it has taken "appropriate steps" to prevent the stolen data from being published, and said it "believes the data has been deleted without any further replication or dissemination."'
In other words, they have paid off the hackers for a set of magic beans in the form of a promise to delete the data. They must be clowns if they actually believe the hackers!
Some data shouldn't be stored "online" (Score:1)
By "online" I mean where it's immediately query-able.
Some data, such as a student's disciplinary record more than a year or two back, shouldn't be "immediately" available, whether that's the principal/counselor asking for it or if it's malicious software asking for it.
You can store that data "near-line" in a separate information warehouse that has some gatekeeping ("this is the 100th request we've had for old data from that school this week, we usually only get 10 requests a week, better have an admin conta