A recent forensic report by CrowdStrike revealed that hackers had access to PowerSchool's network months prior to a major data breach in December 2024. The unauthorized access began as early as August and involved compromised support credentials used for customer service. While this incident questions PowerSchool's cybersecurity measures, the report suggests that the breach might have been avoidable had password changes occurred sooner. The total impact of the breach and the number of individuals affected remains unclear as PowerSchool has not disclosed detailed information.
CrowdStrike's investigation indicates unauthorized access to PowerSchool's network occurred as early as August 2024, suggesting earlier detection might have prevented the breach.
The compromised credentials used in the December breach were accessed from PowerSchool PowerSource, a crucial support portal granting technicians access to customer databases.
Collection
[
|
...
]