What PowerSchool won't say about its data breach affecting millions of students
We are only a few months into 2025, but the recent hack of the American giant PowerSchool is one of the largest breaches of education data in recent years.
PowerSchool, which provides K-12 software to more than 18,000 schools supporting about 60 million students in North America, first disclosed the data breach in early January 2025.
The California-based company, which Bain Capital acquired for $5.6 billion, said that an unknown hacker used a single compromised credential to breach its customer support portal in December 2024, allowing further access to the company's school information system, PowerSchool SIS, which schools use to manage students, assessments, attendance and enrollment.
While PowerSchool has been open about some aspects of the breach – for example, PowerSchool told TechCrunch that the breached PowerSource portal did not support multi-factor authentication at the time of the incident – several important questions remain unanswered months later.
TechCrunch sent PowerSchool a list of outstanding questions about the incident, which potentially affects millions of students.
PowerSchool spokesperson Beth Keebler declined to answer our questions, saying that all updates related to the breach would be posted on the company's incident page. On January 29, the company said it had begun notifying individuals affected by the breach and state regulators.
Many of the company's customers also have outstanding questions about the breach, forcing those affected to work together to investigate the hack.
In early March, PowerSchool published its data breach postmortem, as prepared by CrowdStrike, two months after PowerSchool's customers were told that it would be released. While many of the details in the report were already known, CrowdStrike confirmed that a hacker had access to PowerSchool's systems as early as August 2024.
Here are some of the questions that remain unanswered.
PowerSchool has not said how many students or staff are affected
TechCrunch has heard from PowerSchool customers that the scale of the data breach could be "massive". But PowerSchool has repeatedly declined to say how many schools and individuals are affected, although it told TechCrunch that it "identifies the schools and areas whose data participated in this incident."
Bleeping Computer, citing multiple sources, reported in January that the hacker responsible for the PowerSchool breach gained access to the personal data of more than 62 million students and 9.5 million teachers.
When asked by TechCrunch, PowerSchool declined to confirm whether this number was accurate.
However, PowerSchool's filings with state attorneys general and communications from breached schools suggest that millions of people likely had personal information stolen in the data breach.
In a filing with the Texas attorney general, PowerSchool confirmed that nearly 800,000 state residents had data stolen. A January filing with Maine's attorney general said at least 33,000 residents were affected, but this has since been updated to say that the number of affected individuals is "to be determined".
The Toronto District School Board, the largest school board in Canada, which serves approximately 240,000 students each year, said the hacker may have accessed about 40 years' worth of student data, with the data of nearly 1.5 million students taken in the breach.
A California city school district also confirmed that the hacker accessed information on all current students and staff, who respectively number about 2,700 students and 400 staff, as well as students and staff dating back to the beginning of the 2009-2010 academic year.
PowerSchool has not said what types of data were stolen
Not only do we not know how many people were affected, but we also do not know how much or what types of data were accessed during the breach.
In a communication shared with customers in January, seen by TechCrunch, PowerSchool said the hacker had stolen "sensitive personal information" on students and teachers, including students' grades, attendance and demographics. The company's incident page also states that the stolen data may have included Social Security numbers and medical data, but says that "due to the differences in customer requirements, the information set out for each person varies in our client base."
TechCrunch has heard from numerous schools affected by the incident that "all" of their historical student and teacher data was compromised.
One person who works at an affected school district told TechCrunch that the stolen data includes highly sensitive student data, such as information about parental access rights to their children, restraining orders, and information about when certain students need to take their medications.
A source who spoke with TechCrunch in February revealed that PowerSchool has provided affected schools with a self-service tool that can query and summarize PowerSchool customer data to show what data is stored in their systems. PowerSchool, however, told schools that the tool "may not accurately reflect data that were exfiltrated during the incident."
It is unknown whether PowerSchool has its own technical means, such as logs, to determine which types of data were stolen from specific school districts.
PowerSchool will not say how much it paid the hacker responsible for the breach
PowerSchool told TechCrunch that the organization had taken "appropriate steps" to prevent the stolen data from being published. In the communication shared with customers, the company confirmed that it worked with a cyber-extortion incident response company to negotiate with the threat actors responsible for the breach.
All this confirms that PowerSchool paid a ransom to the attackers who breached its systems. However, when asked by TechCrunch, the company refused to say how much it paid or how much the hacker demanded.
We do not know what evidence PowerSchool has received that the stolen data has been deleted
PowerSchool's Keebler told TechCrunch that the company "does not intend to share or disclose" and that it "believes that the data has been deleted without additional replication or distribution."
However, the company has repeatedly declined to say what evidence it has received to suggest that the stolen data had been deleted. Early reports said the company received video proof, but PowerSchool would not confirm or deny this when asked by TechCrunch.
Even then, proof of deletion is by no means a guarantee that the hacker does not still have the data; the United Kingdom's recent takedown of the LockBit ransomware gang found evidence that the gang still had data belonging to victims who had paid a ransom demand.
The hacker behind the data breach is still unknown
One of the biggest unknowns about the PowerSchool cyberattack is who was responsible. The company has been in communication with the hacker, but has refused to reveal their identity, if it is known. CyberSteward, the Canadian incident response organization that PowerSchool worked with to negotiate, did not answer TechCrunch's questions.
CrowdStrike's forensic report leaves questions unanswered
Following PowerSchool's release of its CrowdStrike forensic report in March, a person at a school affected by the breach told TechCrunch that the findings were "undermined".
The report confirms that the breach was caused by a compromised credential, but the root cause of how the compromised credential was acquired and used remains unknown.
Mark Racine, CEO of the Boston-based educational technology firm RootED Solutions, told TechCrunch that while the report provides "some details", there is not enough information to "understand what went wrong."
It is not known exactly how far back PowerSchool's breach actually goes
A new detail in the CrowdStrike report is that a hacker had access to the PowerSchool network between August 16, 2024 and September 17, 2024.
Access was obtained using the same compromised credentials used in the December breach, and the hacker gained access to PowerSchool's PowerSource, the same customer support portal compromised in December to gain access to the PowerSchool school information system.
CrowdStrike, however, said there was not enough evidence to conclude that this was the same threat actor responsible for the December breach, due to insufficient logs.
But the findings suggest that the hacker – or multiple hackers – may have had access to the PowerSchool network for months before the access was discovered.
Do you have more information on the PowerSchool data breach? We would be glad to hear from you. From a non-work device, you can securely contact Carly Page on Signal at +44 1536 853968 or by email at carly.page@techcrunch.com.