Here is some more news about Power School and its still looking grim

Back in January of this year we blogged about a company who is no better than anyone else when it comes to security.

here it is March, and we’re learning more about this disaster. Turns out that they were potentially pilfered in August, but nobody even knew about it.

This is the same company who could not really give us any details, and those details came out by people who were doing the investigation if I remember correctly.

The article indicates in its first paragraph that it was pilfered in August and September. So what does that tell you about the company? Its going to join the ranks of T-Mobile then with their 9 hacks in 7 or so years? I hope not!

In December, the company announced that hackers had gained unauthorized access to its customer support portal, named PowerSource. This portal included a remote maintenance tool that allowed the threat actor to connect to customers’ databases and steal sensitive information, including full names, physical addresses, contact information, Social Security numbers (SSNs), medical data, and grades.

But at that time, the numbers seemed like to me they were pulled out of thin air and they really didn’t know.

The article continues:

Although the company has not officially disclosed the number of people impacted by this incident, BleepingComputer first reported that the threat actor claimed to have stolen the data of 72 million people, including students and teachers.

Older Breach Uncovered

In an update published late last week, PowerSchool shared a CrowdStrike incident report that was compiled on February 28, 2025.

In that report, CrowdStrike confirms that the threat actors breached PowerSchool through PowerSource using compromised credentials and maintained their access between December 19, 2024, 19:43:14 UTC, and December 28, 2024, 06:31:18 UTC.

So that’s about a week and two days according to my calculations. That’s not bad, but I’m still not convinced. I think this company will continue to have problems.

The cybersecurity firm also confirmed that the threat actor exfiltrated teachers’ and students’ data from the compromised systems, though it notes there’s no evidence that other databases were stolen.

They also state that there was no indication of malware or that they moved throughout the network to gain access to the school systems in question.

If I remember the other article, tons of data were stolen from various schools throughout the country, so I don’t buy this.

So later in the article, it says that they used the same credentials to compromise the company in the two prior months stated above, August and September, but there was no proof that it was the same actor or actors.

“Beginning on August 16, 2024, at 01:27:29 UTC, PowerSource logs showed that an unknown actor successfully accessed the PowerSchool PowerSource portal using the compromised support credentials,” explains CrowdStrike.

“CrowdStrike did not find sufficient evidence to attribute this activity to the Threat Actor responsible for the activity in December 2024.”

“The available SIS log data did not go back far enough to show whether the August and September activity included unauthorized access to PowerSchool SIS data.”

At this time, PowerSchool has still not officially shared the total number of impacted schools, students, or teachers, raising concerns about transparency.

No fucking shit! Just like before, they threw out numbers, but this article doesn’t really give us numbers. What does that tell us?

However, sources told BleepingComputer that the breach impacted 6,505 school districts in the US, Canada, and other countries, with 62,488,628 students and 9,506,624 teachers having their data stolen.

This seems to be the number I remember blogging in my first report and discussion of this. Someone can let me know if I’m wrong but it sounds familiar.

BleepingComputer has contacted PowerSchool to ask for more details regarding the latest findings, and we will update this post if we hear back.

Good luck, Bleeping Computer. I doubt you will Theuy have never been transparent and you’re asking too much.

Full article PowerSchool previously hacked in August, months before data breach if you wish to read it. Sad state of affairs here.