The Powerschool of the United States giant Edtech began to warn people affected by a violation of the data of December 2024 which probably affects millions of students and teachers throughout North America.
Powerschool declared in a short update on Monday that he had started the process of presenting legally requested regulatory notifications following the violation, which saw the attackers use a credential of accounts stolen to access the company support portal of the company to exist enormously amount of data sensitive to students and teachers. Powerschool previously said to Techcrunch that the hacked account was not protected with authentication to multiple factors.
The Powerschool based in California has already presented a notification of data violation with the Maine Prosecutor General, which confirms that over 33,000 state residents had stolen the data during the violation. Although the state law of Maine generally requires organizations to reveal the total number of people known to be affected by a violation, Powerschool has not yet revealed this figure.
Bleeping Computer, citing more sources, reports that the hackers responsible for the violation of the Powerschool presumably accepted the personal data of over 62 million students and 9.5 million teachers. Powerschool states on its website that its technology is used by over 60 million students.
When asked if the reported figure of 62 million students affected by the violation is accurate, the spokesman for Powerschool Beth Keebler (through the FTI Consulting crisis communication company) told Techcrunch that the company “cannot confirm” a precise number of People interested as a process of reviewing the company’s company data is underway. Powerschool has added that the organization will provide updates to the General State Lawyers as its process advances, suggesting that the number of residents in the interested Maine could be higher than the figure of 33,000 reported to date.
“This is a complicated process because the review of data for local customers requires an additional collaboration between Powerschool and those customers,” said Powerschool spokesman.
Millions of students already confirmed interested
Many questions remain unanswered on the violation of Powerschool data: it is not yet clear who was responsible for the attack; which tests Powerschool would have received that your stolen data have been eliminated; or the amount that the company paid in a demand for redemption to hackers. The lack of information relating to the accident forced the school districts affected to work together to investigate the impact and the scale of the violation.
In a post on his accident page, Powerschool says that he cannot yet confirm which types of sensitive data have been accessible “because the response varies according to individual customers and is dependent on the customer’s choice or policies and district requirements”. Techcrunch has heard from multiple school districts affected by the violation that “all” of their historical data stored in PowerSchool, including sensitive data such as information on access rights to parents to their children.
Toronto District School Board (TDSB), which last week confirmed that the hackers had had access to almost 40 years of students’ data, is the most affected organization so far, with the data of almost 1.5 million students taken in violation. In a letter to the parents, seen by Techcrunch, TDSB confirmed that the stolen data includes sexi, degree information, medical data and accommodation details.
Bleeping Computer also lists the Calgary Board of Education (CBE) among those affected by the violation and reports that the data of over 500,000 students have been taken. In a statement to Techcrunch, the spokesman for the CBE Joanne Anderson said that the Council “does not have a confirmation from Powerschool on the number of students and staff affected and details of the acquired data”.
The affected school districts are also notifying those whose data have been stolen during the violation of the Powerschool. The School District of the ADA DELLA HAHO, which has almost 40,000 students in K-12 lessons, said in a letter, seen by Techcrunch, that personal information had been accessible, including “information on the health of life and the degree For current and ex students “.
The public schools of Alessandria City in Virginia, which serve more than 16,000 students, also confirmed that the students of the students had been compromised. In a letter sent to parents, the district says that hackers accepted the personal information of the students, medical data and free meals.
In a declaration on his website, the Rochester City school district confirmed that 134,000 students were affected by the violation of Powerschool. The district, which supervises 46 New York schools, said that accessible information includes notices and diagnoses and medical conditions.
