Education technology company PowerSchool suffered a cybersecurity breach last month, it told client school systems last week.
PowerSchool, which provides cloud-based software to schools, was hacked through a customer portal called PowerSource, the company said on its website. For some people, including students, personally identifying information, Social Security numbers and medical information were leaked.
The breach began on Dec. 19, according to USA Today. PowerSchool found out about the breach on Dec. 28, but let only affected school systems know on Jan. 7. The company is working with the FBI and cybersecurity firm CrowdStrike to find out who was responsible.
No credit card banking information was leaked, PowerSchool said, and it doesn’t expect the breach to interrupt its services.
“PowerSchool is not experiencing, nor does it expect to experience, any operational disruption and continues to provide services as normal to our customers. We have no evidence that other PowerSchool products were affected as a result of this incident or that there is any malware or continued unauthorized activity in the PowerSchool environment,” PowerSchool said.
School districts and schools affected by the data breach are in Alabama, California, Connecticut, Illinois, Indiana, Iowa, Kansas, Louisiana, Maine, Massachusetts, Michigan, Nebraska, New Hampshire, New Jersey, New Mexico, New York, North Dakota, Ohio, Pennsylvania, South Carolina, Vermont and Wisconsin, according to technology news site BleepingComputer.
School districts and schools in Canada were also affected.
Some leaked information has been destroyed without being copied or spread elsewhere, PowerSchool has told customers, because the company paid a ransom to the hackers.
“PowerSchool has taken all appropriate steps to prevent the data involved from further unauthorized misuse and does not anticipate the data being shared or made public. PowerSchool believes the data has been deleted without any further replication or dissemination,” PowerSchool spokeswoman Beth Keebler told technology news site TechCrunch.
• Brad Matthews can be reached at bmatthews@washingtontimes.com.