Software used by the Southwestern Central School District was recently affected by a cybersecurity incident.
The district was notified that PowerSource, a cloud-based software for K-12 schools, had an incident involving unauthorized exfiltration of personal data from certain Student Information System environments.
PowerSchool indicated an unauthorized party gained access to customer data using a compromised set of credentials from one of its support engineers. The company became aware of the incident December 28, 2024.
PowerSchool has assured Southwestern that it conducted a review via its third-party cybersecurity experts. It engaged CrowdStrike, a leading cybersecurity expert, for a thorough investigation. It has no evidence that other PowerSchool products were affected as a result of this incident, or that there is any malware or continued unauthorized activity in the PowerSchool environment.
Information related to current and former students and educators involved included one or more of the following, which varied by person: name, contact information, date of birth, limited medical alert information, Social Security Number/Social Insurance Number, and other related information. PowerSchool says it has no evidence that credit card or banking information was involved.
PowerSchool says it is taking further steps to strengthen the security of its systems and has informed Southwestern it will provide complimentary credit identity protection services including, if applicable, credit monitoring services, for those involved.
PowerSchool is coordinating with Experian and TransUnion to provide notice on behalf of its United States customers whose information was involved and for whom it had available contact information.
Visit https://www.powerschool.com/security/sis-incident/ for more information.
Leave a Reply