A hacker compromised US giant Edtech Powerschool months before his ‘massive’ data violation in December, according to a forensic report now published for the incident by the US Firm of Internet Crowdstrike.
In a letter sent to the affected clients last week, first by Techcrunch, Powerschool confirmed that an investigation into the incident has revealed that his network “experienced an unauthorized activity before December”, which Crowdstrike dated at least August 2024.
Powerschool previously said it discovered unauthorized access to its systems between December 19 until it discovered the compromise on December 28, 2024.
In his report, Crowdstrike said that a hacker using the same compromised support credentials used in the December violation to access the Powerschool network between August 16, 2024, and September 17, 2024. Credentials were used to enter Powerschool Powersource. acquire access to the Powerschool School School Information System (SIS).
Powersource “allows for a support technician with enough permission to gain access to customer database cases for maintenance purposes”, according to Crowdstrike.
Crowdstrike said he did not find “sufficient evidence to attribute this activity to the actor of threat responsible for the activity in December 2024” because the Powerschool record data “did not return so far”. However, the findings of the Crowdstrike suggest that the December violation of the Powers school violation could have been prevented if compromised credentials were changed faster.
When asked by Techcrunch on Monday, Powerschool Beth Keebler spokesman refused to say if the company was aware of this early approach to its network before the Crowdstrike report is released.
There are many questions left about the Powers school violation, such as the total number of affected individuals. Powerschool has repeatedly refused to provide an accurate figure, although reports suggest that more than 60 million students were achieved.
