PowerSchool Hack: Breach Began Months Before December Cyberattack, Says CrowdStrike
CrowdStrike reveals PowerSchool was hacked months before its massive December 2024 breach, exposing student data.
Matilda
PowerSchool Hack: Breach Began Months Before December Cyberattack, Says CrowdStrike
A hacker compromised the U.S. edtech giant PowerSchool months before its ‘massive’ data breach in December, according to a now-published forensic report into the incident conducted by U.S. cybersecurity firm CrowdStrike. Image:Michael Nagle/Bloomberg / Getty Images In a letter sent to affected customers last week, PowerSchool confirmed that an investigation into the incident has revealed that its network “experienced unauthorized activity prior to December,” which CrowdStrike dated back to at least August 2024. PowerSchool previously said it detected unauthorized access to its systems between December 19 until it discovered the compromise on December 28, 2024. In its report, CrowdStrike said that a hacker using the same compromised support credentials used in the December breach to access PowerSchool’s network between August 16, 2024, and September 17, 2024. The credentials were used to access PowerSchool PowerSource, the same customer support portal compromised in the December breach to…
