A hacker compromised the U.S. edtech giant PowerSchool months before its ‘massive’ data breach in December, according to a now-published forensic report into the incident conducted by U.S. cybersecurity firm CrowdStrike.
In a letter sent to affected customers last week, seen by TechCrunch, PowerSchool confirmed that an investigation into the incident has revealed that its network “experienced unauthorized activity prior to December,” which CrowdStrike dated back to at least August 2024.
PowerSchool previously said it detected unauthorized access to its systems between December 19 until it discovered the compromise on December 28, 2024.
In its report, CrowdStrike said that a hacker using the same compromised support credentials used in the December breach to access PowerSchool’s network between August 16, 2024, and September 17, 2024. The credentials were used to access PowerSchool PowerSource, the same customer support portal compromised in the December breach to gain access to PowerSchool’s company’s school information system (SIS).
PowerSource “allows a support technician with sufficient permissions to gain access to customer SIS database instances for maintenance purposes,” according to CrowdStrike.
CrowdStrike said it did not find “sufficient evidence to attribute this activity to the threat actor responsible for the activity in December 2024,” because PowerSchool’s log data “did not go back far enough.” However, CrowdStrike’s findings suggest that the December breach of PowerSchool breach could have been prevented if the compromised credentials were changed sooner.
When asked by TechCrunch on Monday, PowerSchool spokesperson Beth Keebler declined to say whether the company was aware of this earlier access to its network prior to the release of CrowdStrike’s report.
Many questions remain about the PowerSchool breach, such as the total number of individuals affected. PowerSchool has repeatedly declined to provide an accurate figure, though reports suggest that the personal information of more than 60 million students was accessed.
#Hacker #accessed #PowerSchools #network #months #massive #December #breach