An American education technology company, PowerSchool, is the latest large company to fall victim to a hack and data breach, one that probably compromised millions of student and teacher records in North America. As one of the leading providers of school records management software, PowerSchool serves 18,000 schools that manage data on more than 60 million students.
How the Breach Happened
The compromise was discovered on December 28 and was traced to a subcontractor's account. A newer report, however, suggests that a separate compromise, of a PowerSchool software engineer's access, may have contributed to the breach. Malware on the engineer's computer exfiltrated login credentials for internal systems such as Slack, AWS, and other tools.
According to logs recovered by researchers, the infostealer malware known as LummaC2 was used to steal the engineer's passwords. The malware extracted saved passwords and browsing history from the engineer's web browsers and uploaded them to a server run by cybercriminals. The stolen credentials were then circulated in cybercrime groups, further exposing PowerSchool's systems.
What Data Was Stolen?
The hackers accessed a range of sensitive personal information, including:
- Social Security numbers
- Student grades and demographics
- Medical information
- Parental access details, such as restraining orders
- Records of students’ medication schedules
School districts impacted by the breach reported that the attackers stole all historical data stored in PowerSchool’s systems.
The lack of multi-factor authentication (MFA) on the compromised maintenance account was one key weakness. PowerSchool has since enabled MFA and reset passwords across its customer support portal. Many of the employee credentials recovered were weak and had already been exposed in other breaches.
The breach underlines the threat that infostealer malware poses in hybrid work setups where employees access company systems from personal devices, and much is now expected of PowerSchool in response.
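Two defender-side checks that follow from the weaknesses named above, as an added example (not PowerSchool's or CrowdStrike's code): flagging successful privileged-portal logins that skipped MFA, and rejecting a password at reset time if it appears in a breached-password corpus. The event fields, role names and the corpus are constructed assumptions.

```python
import hashlib

# Constructed sample events from a hypothetical support/maintenance portal
# (not real PowerSchool logs); field names and roles are assumptions.
SAMPLE_EVENTS = [
    {"user": "maint-svc", "role": "maintenance", "mfa": False,
     "result": "success", "src": "203.0.113.7"},
    {"user": "support-alice", "role": "support", "mfa": True,
     "result": "success", "src": "198.51.100.2"},
    {"user": "maint-svc", "role": "maintenance", "mfa": False,
     "result": "failure", "src": "203.0.113.7"},
    {"user": "teacher-bob", "role": "user", "mfa": False,
     "result": "success", "src": "192.0.2.9"},
]

# Constructed corpus standing in for passwords seen in other breaches.
BREACHED_PASSWORDS = ["Password123", "Welcome1", "summer2024"]


def sha1_prefix_index(passwords):
    """Index SHA-1 hashes by their first five hex chars, the layout used by
    k-anonymity range lookups, so a full hash never has to leave the host."""
    index = {}
    for pw in passwords:
        digest = hashlib.sha1(pw.encode()).hexdigest().upper()
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


def password_is_breached(password, index):
    """True if the candidate's SHA-1 suffix sits under its prefix bucket."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in index.get(digest[:5], set())


def privileged_logins_without_mfa(events, privileged_roles=("maintenance", "support")):
    """Return (user, src) for successful privileged logins that skipped MFA.
    Failed attempts and ordinary user logins are ignored."""
    return [(e["user"], e["src"]) for e in events
            if e["result"] == "success"
            and e["role"] in privileged_roles
            and not e["mfa"]]


if __name__ == "__main__":
    print("privileged logins without MFA:", privileged_logins_without_mfa(SAMPLE_EVENTS))
    idx = sha1_prefix_index(BREACHED_PASSWORDS)
    for candidate in ["Welcome1", "correct horse battery staple"]:
        print(candidate, "breached" if password_is_breached(candidate, idx) else "ok")
```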
Response and Investigation
PowerSchool is reportedly working with the cybersecurity firm CrowdStrike to investigate the incident. According to the company, no signs of malware or of system-layer access have been found, but it is still analyzing the stolen data.
Effects on Schools
Many school districts are working independently to gauge the scope of the breach, relying on knowledge shared by other administrators. As the investigation continues, questions remain about PowerSchool's security measures and how it handled such an extensive breach.
Schools, parents, and educators are urged to be vigilant and ensure additional layers of security are put in place to prevent future incidents.