A significant cyberattack and data breach at U.S.-based educational technology giant PowerSchool was uncovered on December 28. This breach poses a substantial threat to the privacy of millions of school children and teachers across North America by potentially exposing sensitive personal data. The breach, which infiltrated PowerSchool's systems, was traced back to a compromised maintenance account linked to a technical support subcontractor.
PowerSchool, which employs single sign-on technology and multi-factor authentication (MFA) for its employees and contractors, experienced this breach due to a lapse in security protocols. The subcontractor’s account lacked MFA, allowing hackers to gain unauthorized access. The breach was identified within one of PowerSchool's customer support portals, where investigators found that infostealer malware had extracted the engineer's saved passwords and browsing histories from the Google Chrome and Microsoft Edge browsers.
The impact of this breach is particularly concerning given the scale of PowerSchool's operations. Their school records software is utilized by 18,000 schools, serving over 60 million students. The stolen data includes highly sensitive personal information, such as Social Security numbers, grades, demographics, and even medical information of students and teachers.
The cyberattack was facilitated by the LummaC2 infostealing malware, which had infected the engineer’s computer before the attack. This malware enabled the extraction of the engineer's credentials for various platforms used by PowerSchool, including source code repositories, the Slack messaging platform, and its Jira instance. Alarmingly, the stolen credentials were disseminated among a wider online community, including closed cybercrime-focused groups on Telegram.
In response to the breach, PowerSchool is collaborating with incident response firm CrowdStrike to conduct a thorough investigation. Beth Keebler from CrowdStrike stated:
"CrowdStrike’s initial analysis and findings show no evidence of system-layer access associated with this incident nor any malware, virus or backdoor" – Beth Keebler
Despite these assurances, the potential exposure of highly sensitive data remains a pressing concern. PowerSchool has emphasized its commitment to robust password security protocols. According to a company statement:
"Robust protocols in place for password security, including minimum lengths and complexity requirements, and passwords are rotated in alignment with NIST recommendations" – PowerSchool
The compromised maintenance account highlights a critical weakness: the absence of MFA, a control that is standard practice for safeguarding sensitive information. The breach underscores the importance of applying stringent security protocols not only internally but also extending them to all associated contractors and subcontractors.
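As an added illustration of that point (not code from the article or from PowerSchool), the following audit flags accounts that can reach sensitive systems without MFA, with extra weight on external and non-SSO accounts; the inventory and its column layout are a constructed, hypothetical identity-provider export.

```python
"""Audit an identity inventory for accounts that reach sensitive systems
without MFA. Constructed example; the export format is hypothetical."""
import csv
import io

# Constructed sample export. The gap described above was a subcontractor's
# maintenance account sitting outside the MFA policy that covered employees.
SAMPLE_EXPORT = """\
username,account_type,auth_method,mfa_enrolled,roles,last_login_days
jdoe,employee,sso,true,support_portal,3
maint-svc-01,subcontractor,local,false,support_portal;ssh,1
a.smith,contractor,local,true,jira,12
build-bot,service,local,false,repo_read,0
old-vendor,subcontractor,local,false,support_portal,240
"""

# Roles that must never be reachable without MFA (assumed role names).
SENSITIVE_ROLES = {"support_portal", "ssh", "repo_write", "admin"}


def parse_export(text):
    """Parse the CSV export into dicts with typed fields."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["mfa_enrolled"] = r["mfa_enrolled"].strip().lower() == "true"
        r["roles"] = set(filter(None, r["roles"].split(";")))
        r["last_login_days"] = int(r["last_login_days"])
        rows.append(r)
    return rows


def audit(rows):
    """Return findings as sorted (username, severity, reason) tuples."""
    findings = []
    for r in rows:
        sensitive = r["roles"] & SENSITIVE_ROLES
        external = r["account_type"] in {"contractor", "subcontractor"}
        if not r["mfa_enrolled"]:
            if sensitive:  # worst case: privileged access with no second factor
                findings.append((r["username"], "high",
                                 f"no MFA with sensitive roles {sorted(sensitive)}"))
            elif external or r["auth_method"] == "local":  # outside SSO policy
                findings.append((r["username"], "medium",
                                 "no MFA on account outside SSO"))
        if external and r["last_login_days"] > 90:  # forgotten vendor access
            findings.append((r["username"], "medium", "dormant external account"))
    return sorted(findings)


if __name__ == "__main__":
    for username, severity, reason in audit(parse_export(SAMPLE_EXPORT)):
        print(f"{severity:6} {username:14} {reason}")
```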
PowerSchool has not yet disclosed the exact number of customers affected by this data breach. However, an official report on the incident is anticipated to be released soon. The education technology sector has been increasingly targeted by cybercriminals due to the wealth of personal data maintained by educational institutions. This incident serves as a stark reminder of the necessity for rigorous cybersecurity measures in protecting such sensitive information.