Hacker acceded the Powerschool network for the months before the massive December violation
A pirate compromised the American giant of the Edtech Powerschool of the months before his “massive” data violation in December, according to A medico-legal report now published In the incident led by the American Cybersecurity Company Crowstrike.
In a letter sent to customers affected last week, seen by Techcrunch, Powerschool confirmed that a survey on the incident revealed that its network “experienced unauthorized activity before December”, which went up at least August 2024.
Powerschool previously declared that it had detected unauthorized access to its systems between December 19 until he discovered compromise on December 28, 2024.
In the report, Crowdsstrike said that a hacker using the same compromised support identification information used in the December violation to access the Powerschool network between August 16, 2024 and September 17, 2024. Identification information was used to access Powerschool Powersource, the same school gate (SIS).
Powersource “allows a support technician with sufficient authorizations to access database instances located for maintenance purposes”, according to Crowstrike.
Crowstrike said he had not found “sufficient evidence to assign this activity to the threat actor responsible for the activity in December 2024”, because the logarithmic data of Powerschool “did not come back far enough”. However, Crowdsstrike’s results suggest that the December violation of the Powerschool violation could have been prevented if the compromised references were changed earlier.
When asked on Monday by Techcrunch, the spokesperson for Powerschool, Beth Keebler, refused to say if the company was aware of this previous access to its network before the publication of the Crowstrike report.
Many questions remain on the violation of the Powerschoollike the total number of people affected. PowerSchool has repeatedly refused to provide a specific figure, however reports suggest that personal information of more than 60 million students has been accessible.
