CyberSecurity news

FlagThis - #education

@cyberscoop.com //

PowerSchool Hacker Pleads Guilty to Extortion - A 19-year-old man pleaded guilty to hacking PowerSchool, extorting millions in exchange for not leaking student and teacher data, highlighting cybersecurity risks for educational institutions.
A 19-year-old college student from Worcester, Massachusetts, Matthew Lane, has agreed to plead guilty to charges related to a massive cyberattack on PowerSchool, a cloud-based education software provider. The cyberattack involved extorting millions of dollars from PowerSchool in exchange for not leaking the personal data of millions of students and teachers. Lane exploited stolen credentials to gain unauthorized access to PowerSchool's networks, leading to the theft of sensitive student and teacher data.

The data breach is considered one of the largest single breaches of American schoolchildren's data, affecting approximately 62.4 million students and 9.5 million teachers. According to court documents, Lane obtained stolen data from a U.S. telecommunications company before targeting PowerSchool. After the initial victim refused to pay a ransom, Lane allegedly sought to hack another company that would pay. The stolen information included sensitive details like Social Security numbers and academic records.

Lane will plead guilty to multiple charges, including cyber extortion conspiracy, cyber extortion, unauthorized access to protected computers, and aggravated identity theft. The incident has been described by authorities as a serious attack on the economy, with the potential to instill fear in parents regarding the safety of their children's data. This case highlights the increasing risk of cyberattacks targeting educational institutions and the importance of robust cybersecurity measures to protect student and teacher data.

Recommended read:
References :
  • cyberscoop.com: Massachusetts man will plead guilty in PowerSchool hack case
  • DataBreaches.Net: Massachusetts hacker to plead guilty to PowerSchool data breach
  • BleepingComputer: A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers.
  • The DefendOps Diaries: Explore the PowerSchool data breach, its impact on education tech, and lessons for cybersecurity.
  • BleepingComputer: PowerSchool hacker pleads guilty to student data extortion scheme
  • www.bleepingcomputer.com: A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers. [...]
  • cyberinsider.com: PowerSchool Hacker to Plead Guilty for Extortion Affecting Millions
  • Threats | CyberScoop: Massachusetts man will plead guilty in PowerSchool hack case
  • techcrunch.com: US student agrees to plead guilty to hack affecting tens of millions of students
  • The Register - Security: US teen to plead guilty to extortion attack against PowerSchool
  • CyberInsider: PowerSchool Hacker to Plead Guilty for Extortion Affecting Millions
  • hackread.com: 19-Year-Old Admits to PowerSchool Data Breach Extortion
  • techcrunch.com: US student agrees to plead guilty to hack affecting tens of millions of students
Dissent@DataBreaches.Net //

Pearson Education Giant Hit by Cyberattack - Pearson, an education giant, suffered a cyberattack resulting in the theft of corporate and customer data due to an exposed GitLab Personal Access token.
Pearson, the global education and publishing giant, has confirmed it suffered a cyberattack resulting in the theft of corporate data and customer information. The breach was discovered by BleepingComputer, who reported that the attackers gained unauthorized access to Pearson's systems. Pearson, a UK-based company, is a major player in academic publishing, digital learning tools, and standardized assessments, serving schools, universities, and individuals across over 70 countries.

Pearson stated that after discovering the unauthorized access, they acted to stop the breach, investigate the incident, and ascertain what data was affected with forensics experts. They also supported law enforcements investigation. Furthermore, Pearson said they've taken steps to deploy additional security measures onto their systems, including enhanced security monitoring and authentication. BleepingComputer was tipped off that someone used an exposed GitLab Personal Access token to compromise Pearson’s development environment in January 2025. The token was found in a public .git/config file, with the attackers using this access to find even more login credentials, hardcoded in the source code, which they then used to infiltrate the company’s network and steal corporate and customer information.

The company downplayed the significance of the breach, suggesting the stolen data was largely outdated, referring to it as "legacy data." Pearson has not disclosed the number of individuals affected, nor the specific types of information exposed. There was no employee information among the stolen files, it was confirmed.

Recommended read:
References :
  • DataBreaches.Net: Lawrence Abrams reports: Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned.
  • BleepingComputer: Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned.
  • www.techradar.com: Another case of exposed Git configuration files leading up to a larger compromise, this time against education giant Pearson.
  • malware.news: Cyberattack compromises Pearson data
Pierluigi Paganini@Security Affairs //

Microsoft Addresses Password Spraying in Education Sector - Microsoft has confirmed a password spraying attack on cloud tenants in the education sector by Storm-1977 and is charging for new Windows Server security updates.
Microsoft has issued a warning regarding a recent password spraying attack targeting the education sector. The tech giant has identified the threat actor behind these attacks as Storm-1977. This group is actively targeting cloud tenants within educational institutions, attempting to gain unauthorized access through compromised credentials.

Storm-1977 employs a Command Line Interface (CLI) tool called AzureChecker.exe in its attacks. This tool is used to retrieve AES-encrypted data from an external server, which contains a list of targets for the password spraying. Additionally, AzureChecker accepts a text file ("accounts.txt") containing username and password combinations. It then uses this information to attempt validation against target tenants.

In one successful instance, Storm-1977 exploited a guest account to create a resource group within a compromised subscription. The attackers proceeded to create over 200 containers within this group, using them for illicit cryptocurrency mining. Microsoft advises organizations to secure container deployments and runtimes, monitor Kubernetes API requests, and implement policies to prevent deployments from untrusted registries to mitigate such activities.

Recommended read:
References :
  • securityaffairs.com: SecurityAffairs: Storm-1977 targets education sector with password spraying, Microsoft warns
  • The Hacker News: TheHackNews: Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
  • Davey Winder: Forbes: Microsoft Confirms Password Spraying Attack — What You Need To Know
Carly Page@TechCrunch //

PSEA Data Breach Exposes Personal Information of 500,000 Members - The Pennsylvania State Education Association (PSEA) experienced a data breach in July 2024, exposing the personal information of over 500,000 members.
The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, has announced a significant data breach affecting over 500,000 members. The breach, which occurred in July 2024, resulted in attackers stealing sensitive personal information. PSEA is now notifying the impacted individuals about the incident and the potential risks.

The stolen data includes highly sensitive information, such as government-issued identification documents, Social Security numbers, passport numbers, medical information, and financial data like card numbers with PINs and expiration dates. Member account numbers, PINs, passwords, and security codes were also accessed. PSEA took steps to ensure, to the best of its ability and knowledge, that the stolen data was deleted.

Recommended read:
References :
  • bsky.app: The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach.
  • BleepingComputer: The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach.
  • techcrunch.com: US teachers’ union says hackers stole sensitive personal data on over 500,000 members
  • www.bleepingcomputer.com: Pennsylvania education union data breach hit 500,000 people
  • The Register - Security: Attackers swipe data of 500k+ people from Pennsylvania teachers union
  • The DefendOps Diaries: Understanding the PSEA Data Breach: Lessons and Future Prevention
  • : The Pennsylvania State Education Association (PSEA) has sent breach notifications to over 500,000 current and former members
  • Zack Whittaker: Pennsylvania's biggest union for educators had a data breach, exposing over half a million members' personal information.
  • securityaffairs.com: Pennsylvania State Education Association data breach impacts 500,000 individuals
  • Carly Page: The Pennsylvania State Education Association says hackers stole the sensitive personal and financial information of more than half a million of its members.  PSEA said it “took steps†to ensure the stolen data was deleted, suggesting it was the target of a ransomware or data extortion attack, and subsequently paid a ransom demand to the hackers responsible
  • infosec.exchange: NEW: A zero-day provider that exclusively sells to the Russian government is offering up to $4 million for flaws in Telegram. This announcement offers a glimpse into what the Russian government may be especially interested in, and willing to pay (even at a premium), right now. Sources in the industry tell me the prices offered are broadly right.
  • securityaffairs.com: Zero-day broker Operation Zero offers up to $4 million for Telegram exploits
  • techcrunch.com: Russian zero-day seller is offering up to $4 million for Telegram exploits
  • CyberInsider: Cyber Insider article about Russian Zero-Day Firm Offering Record $4 Million for Telegram Exploits
  • www.techradar.com: Data breach at Pennsylvania education union potentially exposes 500,000 victims

Posts

Blogs

Research Tools