PowerSchool has announced a data breach affecting both hosted and self-hosted K-12 school districts. The breach, discovered on December 28th, resulted in the theft of sensitive student and teacher information. This included student educational records such as grades, attendance, and enrollment data. The company has confirmed that the cyberattack involved a threat actor gaining access using compromised credentials. It is also reported that the attackers were able to export data using a customer support tool, exfiltrating "Students" and "Teachers" database tables to a CSV file.
PowerSchool has notified affected clients, indicating not all users were impacted. Some school districts also saw Social Security numbers, personally identifiable information, and medical information stolen during this incident. PowerSchool has stated that the incident is contained. It has also stated that they paid the attackers to delete the stolen data. PowerSchool claims that they have received assurances that the data has been deleted. The company is conducting webinars to provide additional support and information to its clients.