@cyberscoop.com
A 19-year-old college student from Worcester, Massachusetts, Matthew Lane, has agreed to plead guilty to charges related to a massive cyberattack on PowerSchool, a cloud-based education software provider. The cyberattack involved extorting millions of dollars from PowerSchool in exchange for not leaking the personal data of millions of students and teachers. Lane exploited stolen credentials to gain unauthorized access to PowerSchool's networks, leading to the theft of sensitive student and teacher data.
The data breach is considered one of the largest single breaches of American schoolchildren's data, affecting approximately 62.4 million students and 9.5 million teachers. According to court documents, Lane obtained stolen data from a U.S. telecommunications company before targeting PowerSchool. After the initial victim refused to pay a ransom, Lane allegedly sought to hack another company that would pay. The stolen information included sensitive details like Social Security numbers and academic records. Lane will plead guilty to multiple charges, including cyber extortion conspiracy, cyber extortion, unauthorized access to protected computers, and aggravated identity theft. The incident has been described by authorities as a serious attack on the economy, with the potential to instill fear in parents regarding the safety of their children's data. This case highlights the increasing risk of cyberattacks targeting educational institutions and the importance of robust cybersecurity measures to protect student and teacher data.
Dissent@DataBreaches.Net
Pearson, the global education and publishing giant, has confirmed it suffered a cyberattack resulting in the theft of corporate data and customer information. The breach was discovered by BleepingComputer, who reported that the attackers gained unauthorized access to Pearson's systems. Pearson, a UK-based company, is a major player in academic publishing, digital learning tools, and standardized assessments, serving schools, universities, and individuals across over 70 countries.
Pearson stated that after discovering the unauthorized access, they acted to stop the breach, investigate the incident, and ascertain what data was affected with forensics experts. They also supported law enforcement's investigation. Furthermore, Pearson said they've taken steps to deploy additional security measures onto their systems, including enhanced security monitoring and authentication. BleepingComputer was tipped off that someone used an exposed GitLab Personal Access Token to compromise Pearson’s development environment in January 2025. The token was found in a public .git/config file, with the attackers using this access to find even more login credentials, hardcoded in the source code, which they then used to infiltrate the company’s network and steal corporate and customer information. The company downplayed the significance of the breach, suggesting the stolen data was largely outdated, referring to it as "legacy data." Pearson has not disclosed the number of individuals affected, nor the specific types of information exposed. There was no employee information among the stolen files, it was confirmed.
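A check a team can run over its own repositories and web roots for the exposure described above, a token stored in `.git/config`. This is an added example, not code from Pearson or BleepingComputer; the sample config, host name and token values are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a .git/config as it might sit in a deployed web root.
# Token values are made-up placeholders, not real credentials.
SAMPLE_GIT_CONFIG = """\
[core]
	repositoryformatversion = 0
[remote "origin"]
	url = https://oauth2:glpat-EXAMPLEEXAMPLE000000@gitlab.example.com/team/app.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
	url = git@gitlab.example.com:team/app.git
[http "https://gitlab.example.com/"]
	extraheader = PRIVATE-TOKEN: glpat-EXAMPLEEXAMPLE111111
"""

SECTION = re.compile(r'^\s*\[(.+?)\]\s*$')
KEYVAL = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*?)\s*$')
HEADER_SECRET = re.compile(r'(?i)\b(authorization|private-token)\s*:\s*\S+')

def find_embedded_credentials(config_text):
    """Return (section, key, reason) for every setting that carries a secret."""
    findings, section = [], ""
    for line in config_text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = KEYVAL.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key in ("url", "pushurl"):
            parts = urlsplit(value)
            # scp-style remotes (git@host:path) have no scheme and no password
            if parts.scheme in ("http", "https") and parts.password:
                findings.append((section, key, "password or token in remote URL"))
        elif key == "extraheader" and HEADER_SECRET.search(value):
            findings.append((section, key, "auth header stored in config"))
    return findings

if __name__ == "__main__":
    for section, key, reason in find_embedded_credentials(SAMPLE_GIT_CONFIG):
        print(f"[{section}] {key}: {reason}")  # report location, never the secret
```

Any finding means the token should be revoked and reissued through a credential helper or CI secret store, since removing it from the file does not invalidate copies already fetched.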
Pierluigi Paganini@Security Affairs
References: securityaffairs.com, The Hacker News
Microsoft has issued a warning regarding a recent password spraying attack targeting the education sector. The tech giant has identified the threat actor behind these attacks as Storm-1977. This group is actively targeting cloud tenants within educational institutions, attempting to gain unauthorized access through compromised credentials.
Storm-1977 employs a Command Line Interface (CLI) tool called AzureChecker.exe in its attacks. This tool is used to retrieve AES-encrypted data from an external server, which contains a list of targets for the password spraying. Additionally, AzureChecker accepts a text file ("accounts.txt") containing username and password combinations. It then uses this information to attempt validation against target tenants. In one successful instance, Storm-1977 exploited a guest account to create a resource group within a compromised subscription. The attackers proceeded to create over 200 containers within this group, using them for illicit cryptocurrency mining. Microsoft advises organizations to secure container deployments and runtimes, monitor Kubernetes API requests, and implement policies to prevent deployments from untrusted registries to mitigate such activities.
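Detection logic for the sign-in pattern a password spray leaves behind: one source failing against many different accounts in a short window, sometimes followed by a success. This is an added example, not Microsoft's detection; the event layout, addresses, account names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (time, source IP, account, result); the field
# layout is an assumption for this example, not a real log schema.
EVENTS = [
    ("2025-04-01T10:00:05", "203.0.113.7", "alice@school.example", "fail"),
    ("2025-04-01T10:00:09", "203.0.113.7", "bob@school.example", "fail"),
    ("2025-04-01T10:00:14", "203.0.113.7", "carol@school.example", "fail"),
    ("2025-04-01T10:00:20", "203.0.113.7", "guest1@school.example", "success"),
    ("2025-04-01T10:01:00", "198.51.100.4", "dave@school.example", "fail"),
    ("2025-04-01T10:01:30", "198.51.100.4", "dave@school.example", "fail"),
    ("2025-04-01T10:02:10", "198.51.100.4", "dave@school.example", "success"),
]

def detect_spray(events, window=timedelta(minutes=10), min_accounts=3):
    """Flag sources whose failures span many distinct accounts in one window.

    Returns {ip: {"accounts": accounts targeted by failed sign-ins,
                  "compromised": accounts that signed in during the spray}}.
    """
    by_ip = defaultdict(list)
    for ts, ip, account, result in events:
        by_ip[ip].append((datetime.fromisoformat(ts), account, result))

    alerts = {}
    for ip, rows in by_ip.items():
        rows.sort()
        failures = []  # (time, account) of failures still inside the window
        for when, account, result in rows:
            failures = [(t, a) for t, a in failures if when - t <= window]
            if result == "fail":
                failures.append((when, account))
            targeted = {a for _, a in failures}
            # Many accounts from one source is a spray; repeated failures on
            # a single account (a user mistyping) never reaches the threshold.
            if len(targeted) >= min_accounts:
                alert = alerts.setdefault(ip, {"accounts": set(), "compromised": set()})
                alert["accounts"] |= targeted
                if result == "success":
                    alert["compromised"].add(account)
    return alerts

if __name__ == "__main__":
    for ip, alert in detect_spray(EVENTS).items():
        print(ip, sorted(alert["accounts"]), sorted(alert["compromised"]))
```

Accounts listed under `compromised` are the ones to reset and review first, including any resource groups or containers they created afterwards.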
Carly Page@TechCrunch
The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, has announced a significant data breach affecting over 500,000 members. The breach, which occurred in July 2024, resulted in attackers stealing sensitive personal information. PSEA is now notifying the impacted individuals about the incident and the potential risks.
The stolen data includes highly sensitive information, such as government-issued identification documents, Social Security numbers, passport numbers, medical information, and financial data like card numbers with PINs and expiration dates. Member account numbers, PINs, passwords, and security codes were also accessed. PSEA took steps to ensure, to the best of its ability and knowledge, that the stolen data was deleted.