Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
It has been a few months in 2025, but in recent years, one of the greatest education disorders, the EDTECH giant PowerSchool’s latest hacki.
To support more than 18,000 students in North America to support more than 18,000 students, PowerSchool, which supports more than 18,000 schools, first announced the violation of information in early 2025.
California based company, Which brain capital was taken for $ 5.6 billionAn unknown hacker used a discounted credentials to apply the customer support portal in December 2024, the company’s school information system, student records, pride, participation and PowerSchool SIS used to register.
Powerschool said, even if it is open to some aspects of the violation, for example, PowerersChool has made a broken powererersource portal from TechCrunch no Support multi-factor identification during the incident – several important questions remain in the unanswered months.
TechCrunch, PowerSchool, sent a list of outstanding questions about the incident that potentially affects millions of students.
Powerschool spokeswoman Beth Keableler refusing to respond to our questions said all updates related to violation Company event. On January 29 the company said that Began to report physical affected by violation and state regulators.
Many of the company’s customers also have superior questions about violations, To force those who influenced work together to explore hack.
PowerSchool, information violation in early March, Developed by CrowdstrikeTwo months later, customers will be released. If the details in the report are known, Crowdstrike confirmed that A hacker acquired access to Powerschool systems in early August 2024.
Here are the questions left unanswered.
Powerschool did not say how much students or staff are affected
TechCrunch has heard of PowerSchool customers because the scale of the data violation can be “mass”. However, PowerSchool, TechCrunch’s “determined schools and districts related to the incident, determined the schools and districts,” he refused to say that a large number of schools and people affect.
Crazy computerIn January, referring to many sources, the hacker, who was responsible for the PowerSchool violation, said that more than 62 million students and 9.5 million teachers entered the personal information.
When asked by Techcrunch, Powerschool refused to confirm if this number was accurate.
PowerSchool’s documents related to state lawyers, the documents related to state lawyers show that millions of people have been stolen in the information violation.
In an application with the Texas Prosecutor General, PowerSchool confirmed that almost 800,000 government residents were stolen. Maine’s Prosecutor General said in January, in January, at least 33,000 residents were affected, but since today Updated To say the number of persons affected “will be determined.”
Toronto District School School, Canada’s largest school staff every year of 240,000 students served every year said May have 40 years of student data, Almost 1.5 million students were broken by the data.
California’s Menlo Park City School district confirmed Hacker, all current students and employees learned – about 2,700 students and 400 employees, as well as students and employees in the early 2009-10 academic year.
PowerSchool did not say which types of data are stolen
We do not know how many people do not affect, but do not know how much and what information they will enter during the violation.
In January, in January, the customers said that Powerschool, Hacker students and teachers stole “sensitive personal information”, including students, attendance and demographics. The company’s event page can include social security numbers and medical information of stolen data, but because of the differences in customer requirements, the information that is exclaiming data for any person, the customer changes in our customer base. “
Techcrunch has I heard “All” of historical students and teacher information from more than one school affected by the incident was broken.
A person who works in a school district of the affected school, said that the stolen information includes high-sensitive student information and information, such as information about parental receivers, restricted orders and the medication of certain students.
In February, a source talking to TechCrunch, PowerSchool reveals that Powerschool provides affected schools with the tool that can survey and summarize Customer information in its systems. Powerschool said to effective schools that the vehicle “cannot accurately reflect the information outdated during the event.”
PowerChool is not known to have their own technical means, to determine which type of data is stolen from private school regions.
Powerschool will not tell you how much hacker is responsible for violation
Powerschool Techcrunch told the organization “appropriate steps” to prevent the release of the stolen data. In shared communications shared with clients, the company confirmed that he was working with a reaction company in connection with the cyber usurpation event to negotiate with the actors responsible for this violation.
All this confirms that the attackers violating the system of authorities. However, when asked by TechCrunch, the company refused to say how much he paid or how much hacker demands.
We do not know what evidence of PowerSchool proving what stolen data has been deleted
PowerSchool’s Keebler Techcrunch company “does not expect data to be shared or disclosed to the public,” he said, he believed that it thought it was elsewhere or spreading or spreading.
However, the company repeatedly refused to say which evidence was taken to suggest that the stolen information was deleted. Timely report He said the company received video evidence, but said he would not be confirmed or denied when asked by Powererschool Techcrunch.
Even then the evidence of deletion is to guarantee that the hacker is still not available; The last time England’s locking ransomware gang took the Takedown Nigway The network still had data owned by victims that require a ransom.
The hacker on the back of the info violation is not yet known
One of the greatest unknowns about Powerschool Cyberattack is responsible. The company communicated with a hacker, but if known, he refused to identify their identities. Kiberyeward, Canadian incident reaction organization, working to negotiate with Powerchool, did not answer Techcrunch questions.
Crowdstritch’s Court Report asks unanswered questions
After the release of Pusterschool Crowdstrike Court Report In March, one person in a school affected by the violation said the findings were “pin”.
The report confirmed that the violation was caused by a corrupt credentials, but the root cause of the acquisition and use of concessions is not known.
Boston-based educational technology does not have enough information for Mark Racine, Roedcrunch, Roedcrunch, “Some details” regarding the executive solutions of the consulting firm.
It is not exactly known how back Powerschool disorder
A new detail in the Crowdstrike report is to enter the PowerSchool network between a hacker August 16, 2024 and 17 September 2024.
Introduction has won using the same concessionary used in violation of December, and entered the same customer support portal to access Hacker PowerSchool’s PowerShource.
Crowdstrike said it was not enough evidence for this, which is the same dangerous actor in charge of the violation of December due to insufficient logs.
However, the findings, hacker – or more than one hacker – indicates that the entry can be accessed to the Powerschool network within a few months.
Do you have more information about PowerSchool data breach? We would like to hear from you. From an unemployed device, Carly page can contact a secure signal in a secure signal +44 1536 853968 or via email carly.page@techcrunch.com.
