TechCrunch reports that leading U.S. education technology provider PowerSchool was discovered to have its network compromised months before being subjected to a major data breach in December, which was reported to have impacted more than 60 million students’ personal information.Attackers who snuck in on PowerSchool’s PowerSource support portal to access its school information system had leveraged support credentials that were previously used to penetrate the same systems from Aug. 16 to Sep. 17, according to a CrowdStrike forensic probe.While additional evidence is still needed to link the intrusion to a particular threat actor due to inadequate PowerSchool log data, CrowdStrike researchers noted that immediate credential modifications following the August breach could have averted significant data compromise.Despite acknowledging the investigation’s findings, PowerSchool has neither disclosed the total number of students and faculty members affected by the incident nor confirmed its awareness of earlier network infiltration before the report.
PowerSchool data breach preceded by months-long systems compromise
