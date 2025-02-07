Breach, Data Security

Report reveals security failures in PowerSchool data breach

A digital warning sign with "SYSTEM HACKED" in bright red, overlaying a complex background of computer code and digital interfaces, with a deep blue and black color scheme, creating a sense of urgency and alarm.

(Adobe Stock)

A CrowdStrike cybersecurity audit of last month's data breach targeting education technology provider PowerSchool has found that the company failed to implement basic security measures, thus allowing a hacker to access millions of student records, NBC News reports.

The hacker reportedly used a single compromised employee password to log into a “Maintenance Access” function, forgoing the use of malware or sophisticated attack methods. The account was not secured by two-factor authentication, a fundamental security standard. PowerSchool also remained unaware of the breach for several days until the hacker contacted the company to demand payment. The breach exposed sensitive student data, including names, birthdays, addresses, and potentially Social Security numbers and disciplinary records. Experts warn that stolen data can be repackaged and resold, increasing the long-term risk of identity theft. While PowerSchool has pledged to enhance cybersecurity, experts note that weak protections are common in education technology. The incident underscores the need for stronger safeguards, particularly in systems handling children's personal information.

Related

Over 17K impacted by Texas city breach

The Dallas suburb noted in an online notice that the incident resulted in the compromise of names, addresses, Social Security numbers, credit card details, driver's license numbers, medical insurance data, and financial account details.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

ByteCiphertextCryptanalysisCryptographic Hash FunctionsCyclic Redundancy Check (CRC)Data AggregationData Encryption Standard (DES)Data Loss Prevention (DLP)DecryptionDigital Envelope

You can skip this ad in 5 seconds