Powerschool Hack: Months-Long Access Before December Breach

PowerSchool Data Breach: Earlier Unauthorized Access Revealed

A security breach affecting the U.S. educational technology company, PowerSchool, occurred months before the widely reported incident in December. This information stems from a recently released forensic report compiled by the cybersecurity firm CrowdStrike.

Initial Network Intrusion

PowerSchool notified impacted customers last week, as reported by TechCrunch, that their investigation uncovered unauthorized network activity predating December. CrowdStrike pinpointed the initial access as occurring as early as August 2024.

Previously, PowerSchool stated that it identified unauthorized system access between December 19th and its discovery of the breach on December 28th, 2024.

Compromised Credentials

The CrowdStrike report details that the same compromised support credentials exploited in the December breach were utilized to access PowerSchool’s network between August 16th and September 17th, 2024.

These credentials provided access to PowerSource, the same customer support portal that was breached in December, ultimately granting access to PowerSchool’s school information system (SIS).

PowerSource Access and Permissions

According to CrowdStrike, PowerSource enables support technicians with appropriate permissions to access customer SIS database instances for essential maintenance tasks.

Attribution and Preventative Measures

While CrowdStrike didn’t find conclusive evidence linking this earlier activity to the actors behind the December 2024 breach, the limited scope of PowerSchool’s log data prevented a definitive determination.

However, the findings suggest that a more prompt change of the compromised credentials could have potentially averted the December breach.

Company Response

When questioned by TechCrunch, PowerSchool spokesperson Beth Keebler refrained from commenting on whether the company had prior knowledge of this earlier network access before the publication of CrowdStrike’s report.

Ongoing Concerns and Data Impact

Several key questions surrounding the PowerSchool breach remain unanswered, notably the precise number of individuals affected.

PowerSchool has consistently avoided providing a specific figure, although estimates indicate that the personal information of over 60 million students may have been compromised.

Key Takeaway: The incident highlights the importance of robust credential management and proactive security measures within educational technology providers.