PowerSchool previously hacked in August, months before data breach

PowerSchool has published a long-awaited CrowdStrike investigation into its massive December 2024 data breach, which determined that the company was previously hacked over 4 months earlier, in August, and then again in September. PowerSchool is a cloud-based K-12 software provider serving over 60 million students and 18,000 customers worldwide, offering enrollment, communication, attendance, staff management, learning, analytics, and finance solutions. In December, the company announced that hackers had gained unauthorized access to its customer support portal, named PowerSource. This portal included a remote maintenance tool that allowed the threat actor to connect to customers' databases and steal sensitive information, including full names, physical addresses, contact information, Social Security numbers (SSNs), medical data, and grades. Although the company has not officially disclosed the number of people impacted by this incident, BleepingComputer first reported that the threa ... Read full article.