By Parker Soughers
In today’s modern age, cyber security has become a prevalent issue in everyday life. Powerschool–a company used by schools to track students’ grades and progress‒was the victim of a major security breach. This breach exposed the private information of tens of millions of American students.
Powerschool’s Student Information System (SIS) held student information such as names, addresses, parental information, and in some cases, social security numbers and health records. In January, 2024, Powerschool announced the data breach with the following statement:
“On December 28, 2024, we became aware of a potential cybersecurity incident involving unauthorized access to certain PowerSchool SIS information through one of our community-focused customer portals, PowerSource. We have taken all appropriate steps to prevent the data involved from further unauthorized access or misuse. The incident is contained and we do not anticipate the data being shared or made public. PowerSchool is not experiencing, nor expects to experience, any operational disruption and continues to provide services as normal to our customers.”
After becoming aware of the data breach, Powerschool commissioned an audit of their systems cybersecurity by the cybersecurity company CrowdStrike. The results of the audit showed that the breach was a consequence of the lack of basic precautions Powerschool had taken with cybersecurity. The hacker had not gained access through the backdoor or threats of malware but rather by obtaining a single employee’s password.
Due to a lack of two-factor authentication, the hacker had gained access to the “Mantencene Access” function, granting them the ability to download children’s private information. Powerschool wasn’t aware of the security breach until late December when the hacker contacted the company, holding the information for ransom.
The hacker claimed that they possessed the information of over 62 million students. Mishka McCowen, Powerschool’s Chief Information Officer, informed NBC reporters in a virtual meeting that Powerschool paid the hacker’s ransom and received a video of the hacker deleting the stolen data. However, it is impossible to know if the hacker had made copies of the catalog of student information.
Personal data has become less “personal” in the rise of online technology. Now more than ever, security measures must be taken in order to protect one’s private information online. Strong passwords, two-factor authentication, and continuing to educate yourself remain some of the easiest and most effective ways to prevent malefactors from accessing private data.
beniciapaw.com 