- New Powerschool data, allegedly found in the requirement of ransom, now sets the number of affected students of 62 million
- More than nine million teachers were also affected
- The victims are in the US, Canada and other places
The Powerschool hack seems to have been much worse than originally thought, as new reports now claim that more than 62 million students and nine million teachers were actually affected by the attack.
At the end of December 2024, an unidentified threat actor used stolen credentials to access its PowerCool Student Information System (SIS) platform. From there, they were able to use “Export Data Manager” Customer Support Tool to exfilter “Students” and “Teachers” database tables for a CSV file which was then stolen.
The information gripped in this attack included names and postal addresses, and in some districts the threat players also received CPR numbers (SSN), personally identifiable information (PII), medical information and characters.
Ongoing study
It has since been reported that the attackers stole personal data from 62,488,628 students and 9,506,624 teachers, citing both the striker and several other sources. In total, it was said, 6,505 school districts in the United States, Canada and other countries were affected. The figures reportedly come from the requirement of extortion sent to the defaulted company.
Toronto District School Board, Peel District School Board and Dallas Independent School District appear to be most affected.
Powerschool did not want to comment on the new results, it was said, especially as its study is still underway. But the company told the publication that the type of exposed data varies from district to. This is because school districts decide what information they want to store in the SIS database, based on the political requirements of the district or state.
“For this reason, it is expected that less than a quarter of the affected students got their CPR number revealed in the breach,” Bleeping computer said with reference to the company.
“We care deeply about the students, teachers and families we earn, and are wholeheartedly obliged to support them. Powerschool will offer two years of free identity protection services and two years of free credit monitoring services for all relevant students and teachers whose information was involved,” told the company Bleeping computer in a written statement.
Via Bleeping computer
