Breach, Data Security

Report reveals security failures in PowerSchool data breach

A digital warning sign with "SYSTEM HACKED" in bright red, overlaying a complex background of computer code and digital interfaces, with a deep blue and black color scheme, creating a sense of urgency and alarm.

(Adobe Stock)

A CrowdStrike cybersecurity audit of last month's data breach targeting education technology provider PowerSchool has found that the company failed to implement basic security measures, thus allowing a hacker to access millions of student records, NBC News reports.

The hacker reportedly used a single compromised employee password to log into a “Maintenance Access” function, forgoing the use of malware or sophisticated attack methods. The account was not secured by two-factor authentication, a fundamental security standard. PowerSchool also remained unaware of the breach for several days until the hacker contacted the company to demand payment. The breach exposed sensitive student data, including names, birthdays, addresses, and potentially Social Security numbers and disciplinary records. Experts warn that stolen data can be repackaged and resold, increasing the long-term risk of identity theft. While PowerSchool has pledged to enhance cybersecurity, experts note that weak protections are common in education technology. The incident underscores the need for stronger safeguards, particularly in systems handling children's personal information.

Related

Hacker of SEC’s X account sentenced after admitting guilt

After infiltrating the SEC's X account via SIM swapping conducted with the help of his co-conspirators, Council proceeded to post fraudulent information regarding the planned approval of cryptocurrency-containing exchange-traded funds, which resulted in a Bitcoin price spike, according to the Justice Department.

Extensive Israeli police breach alleged by Iran-linked hackers

Purportedly included in the exfiltrated information were officers' personal details and photos, gun licenses, email addresses, suspects' and criminals' personal data, sex offender employment permit details, and other classified documents, according to Handala, which also alleged the compromise of Israeli Ministry of National Security servers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

ByteCiphertextCryptanalysisCryptographic Hash FunctionsCyclic Redundancy Check (CRC)Data AggregationData Encryption Standard (DES)Data Loss Prevention (DLP)DecryptionDigital Envelope

You can skip this ad in 5 seconds