BrianKrebs
PowerSchool, a provider of K-12 software and cloud solutions, had a breach over the holidays. But not to worry, they paid the cybercriminals who hacked them and they have a video of the crooks deleting the data.
"PowerSchool has received reasonable assurances from the threat actor that the data has been deleted and that no additional copies exist."
Thank goodness the threat actors are so reasonable, right? SMH.
Rocketman
@briankrebs one of the two parties in this transaction are acting professionally.
And it’s not PowerSchool.
BrianKrebs
Started poking at this PowerSchool breach a bit more. Constella Intelligence finds a shocking number of infostealer infections (some quite recent) from people w/ powerschool.com email addresses.
Meanwhile, this breach is likely to involve quite a bit of very detailed information gleaned from their users (students). Last year, PowerSchool was hit by two class action lawsuits that alleged "the defendant companies, through persistent digital surveillance, harvest vast troves of sensitive information from children and their families without their knowledge or consent. The companies are alleged to use that information for commercial purposes in violation of families’ privacy, property, and consumer rights."
"The named plaintiffs are the parents of students who have used these platforms, on behalf of themselves and their children. The parents argue that, simply by sending their children to school as the law requires, they do not surrender their rights to know what information private companies are taking from their children and how it will be used—and to decide whether to agree to that collection and use."
https://edtech.law/wp-content/uploads/2024/05/complaint-powerschool.pdf
https://edtech.law/wp-content/uploads/2024/05/complaint-ixl.pdf
BrianKrebs
An update from a school district in Winston-Salem, NC on the fallout from the PowerSchool breach. Love how they also use weasel words "steps were taken" to euphemize "they paid."
Not for nothing, but Winston-Salem is still recovering from its own ransomware attack over the holidays. This is fine.
"Hello Winston-Salem Forsyth County Schools families and staff,
Tuesday afternoon, the state of North Carolina’s student information system provider, PowerSchool, notified the district that an unauthorized party gained access to its system. School systems across the state, nation and world were impacted, including WS/FCS. Information about WS/FCS students, families and staff was accessed during this incident.
The incident is under investigation by PowerSchool, federal law enforcement, and NC Department of Public Instruction officials. PowerSchool reported that steps were taken to prevent the data from further misuse and the company believes the data has been deleted. According to PowerSchool, the incident is contained and they do not anticipate the data being shared or made public. Law enforcement officials are monitoring to ensure the information has not been spread or shared.
We are working closely with PowerSchool and NC DPI to identify what information was accessed and to determine what steps will be taken by PowerSchool to support any individual whose data has been breached.
NC DPI says there was no action WS/FCS could have taken to prevent this incident, which happened at the company level.
PowerSchool is a web-based platform school systems are required by North Carolina to use to maintain student and staff data. Protecting student and staff information is critically important, and we take this issue seriously.
We will keep families and staff informed as we receive more information from PowerSchool and NC DPI.
Thank you for your patience as we and our school district colleagues across the world work through this situation.
- WS/FCS"
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.