Database Tables of Student, Teacher Info Stolen From PowerSchool In Cyberattack

An anonymous reader quotes a report from The Register: A leading education software maker has admitted its IT environment was compromised in a cyberattack, with students and teachers' personal data -- including some Social Security Numbers and medical info -- stolen. PowerSchool says its cloud-based student information system is used by 18,000 customers around the globe, including the US and Canada, to handle grading, attendance records, and personal information of more than 60 million K-12 students and teachers. On December 28 someone managed to get into its systems and access their contents 'using a compromised credential,' the California-based biz told its clients in an email seen by Register this week.

'We believe the unauthorized actor extracted two tables within the student information system database,' a spokesperson told us. 'These tables primarily include contact information with data elements such as name and address information for families and educators. 'For a certain subset of the customers, these tables may also include Social Security Number, other personally identifiable information, and limited medical and grade information. 'Not all PowerSchool student information system customers were impacted, and we anticipate that only a subset of impacted customers will have notification obligations.' While the company has tightened security measures and offered identity protection services to affected individuals, cybersecurity firm Cyble suggests the intrusion 'may have been more serious and gone on much longer than has been publicly acknowledged so far,' reports The Register. The cybersecurity vendor says the intrusion could have occurred as far back as June 16, 2011, with it ending on January 2 of this year.

'Critical systems and applications such as Oracle Netsuite ERP, HR software UltiPro, Zoom, Slack, Jira, GitLab, and sensitive credentials for platforms like Microsoft login, LogMeIn, Windows AD Azure, and BeyondTrust' may have been compromised, too.

Read more of this story at Slashdot.