Malware stole internal PowerSchool passwords from engineer’s hacked computer

Jan 17, 2025 | Technology

A cyberattack and data breach at U.S. edtech giant PowerSchool that was discovered December 28 threatens to expose the private data of tens of millions of school children and teachers. 

PowerSchool told customers the breach was linked to the compromise of a subcontractor’s account. TechCrunch learned this week of a separate security incident, involving a PowerSchool software engineer, whose computer was infected with malware that stole their company credentials prior to the cyberattack.

It’s unlikely the subcontractor mentioned by PowerSchool and the engineer identified by TechCrunch are the same person. The theft of the engineer’s credentials raises further doubts about the security practices at PowerSchool, which was acquired by private equity giant Bain Capital in a $5.6 billion deal last year.

PowerSchool has shared only a few details publicly about its cyberattack, as affected school districts begin notifying their students and teachers of the data breach. The company’s website says its school records software is used by 18,000 schools to support more than 60 million students across North America. 

In a communication shared with its customers last week and viewed by TechCrunch, PowerSchool confirmed the unnamed hackers stole “sensitive personal information” on students and teachers, including some students’ Social Security numbers, grades, demographics, and medical information. PowerSchool has not yet said how many customers are affected by the cyberattack, but several school districts hit by the breach have told TechCrunch their logs show the hackers stole “all” of their historical student and teacher data.

One person who works at an affected school district told TechCrunch they have evidence that highly sensitive information about students was exfiltrated in the breach. The person gave examples, such as information about parental access rights to their children, including restraining orders, and information about when certain students need to take their medications. Other people at affected school districts told TechCrunch that the stolen data will depend on what each individual school added to their PowerSchool systems.  

According to sources speaking with TechCrunch, PowerSchool told its customers that the hackers broke into the company’s systems using a single compromised maintenance account associated with a techni …
