Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
This is only February, but the recent hack in the United States’s AdTEC Giant PowerSscul is likely to be the biggest violation of the year.
PowerSscul confirmed the violation in early January by providing K -12 software to more than 5 schools to support nearly 1 million students across North America. California -based agency, Which Bain Capital earned $ 5.6 billion in 2024It has been said that hackers used compromised certificates to violate his customer support portal, which allowed the company’s school information system, more access to SIS, which schools used to manage students record, grade, attendance and enrollment.
“On December 28, 2021, we have been aware of a potential access to unauthorized access to some PowerScul SIS information through one of our community-centric customer portals,” PowerScul’s spokesman, PowerSource, PowerScul’s spokesman, PowerScul’s spokesman, ”
PowerScul was open about some aspects of the violation. PowerSource Portal, for example, did, on the TechCrunch Not Support Multi-factor authentication at the time of the incident, when PowerSsculled. However, a number of important questions remain unpaid.
TechCrunch has sent a list of outstanding questions about this event, which is likely to influence several million students in the United States that refused to answer our questions that all updates related to the violation will be posted Pages of the organizationThe January 25th, the company said it Begin to inform people Influenced by breach and state regulators.
PowerScul told customers that it would share an incident of the cyberquacy firm Croudstrike in mid -January, which the company appointed to investigate the violation. However, a number of sources working in the affected schools as a result of the violation told TechCrunch that they could not accept it yet.
Customers of the organization also have a lot of answer questions, Forced the victims to work together by breach to make hack investigationsThe
Here are some questions that remain unmanageable.
It is not known how many schools or students are affected
TechCrunch PowerScourse has heard from the affected schools that its scale can be “huge”. However, after telling PowerScol TechCrunch how many schools and individuals were damaged, it was refused to say that it “identified the schools and districts that were involved in the incident.”
Blipping computerAccording to multiple sources, the hacker responsible for the PowerScol violation has been alleged to have accessed more than 62 million students and 9.5 million teachers’ personal data. PowerScol has repeatedly refused to confirm whether this number was correct.
Although PowerScol will not give a number, the state Attorney General’s recent filing suggests that personal information has been stolen by the violation of millions of people. For example, PowerSscale confirmed in a filing near the Attorney General of Texas that about 800,000 state residents were stolen data.
Communication from the violated school district gives a general idea about the size of the violation. Toronto District School Board (TDSB), the largest school board in Canada that serves about 240,000 students every year, Said that the hacker May access data of a valuable student of about 40 years, Including about 1.5 million student data taken in violationThe Likewise, Menlo Park City School District in California Confirmed The hacker that has accessed all the current students and staff information-which is about 2,75 students and 5 workers-the number of students and staff at the beginning of the academic year.
We still don’t know what kind of data was stolen
We do not just know how many people were affected, but we also do not even know what kind of data was accessed during the violation.
In a communication shared with customers in early January, the company confirmed that the hacker had stolen “sensitive personal information” on students and teachers, including grades, attendance and population. The Company’s Incident Page Also States That Stolan Security Numbers and Medical Data, but say that “Difference in Customers Request Forms. Ross Our Customer Base. “
There is also TechCrunch Heard The “all” of their historical students and teachers’ data was compromised from multiple schools affected by this incident.
A person working in an infected school district told TechCrunch that the stolen data included information about their children’s parents’ access to the rights of parents, and specific students, including information about when they need to take their medicines.
Talking to TechCrunch in February, a source said that PowerScol’s customer could ask and shorten PowerScol’s customer data to show what data was stored on their system. PowerScul told the damaged schools, however, this tool “cannot properly reflect the exfiltrated data during the incident.”
It is not known that PowerScall has its own technical way to determine what kind of data was stolen from a specific school district.
PowerScul did not say how much the hacker was responsible for violation
PowerScul told TechCrunch that the company had taken a “appropriate step” to prevent the stolen data from publishing. In the case of communications shared with customers, the company has confirmed that it has worked with actors responsible for violating a cyber-comprehensive event in violation of the response.
They, however, confirmed that PowerScourse provided a ransom that had violated its systems. However, when asked by TechCrunch, the company refused to say how much the company gave it, or how much the hacker claimed.
PowerScouls did not know what the evidence found that the stolen data was deleted
PowerScul’s Kebella told TechCrunch that the company “does not expect to share data or make public” and it “believes that the data has been removed without any more transcript or promotion.”
However, the company has repeatedly refused to say what theft has been deleted to explain what it has been deleted. Early Report It was said that the company received a video proof, but when asked by TechCrunch, PowerScol will not be sure or deny.
Nevertheless, the evidence of deletion is not guaranteed in any way that the hacker is not yet occupied by data; Proof that the Tekdown of the UK recent Lockbeat Ransomware gang has proved This gang still had data from the affected people who provided the demand for ransomThe
We don’t know who was behind the attack
PowerScus is one of the biggest unknown about cybertacks who were responsible. The company has contacted the hacker but refused to reveal their identity if it was known. Cyberstaord did not answer TechCrunch’s question, which was in response to the Canadian incident.
The results of the Croudstrike investigation remained as a mystery
PowerScul is working with Croudstrike in response to an event to investigate the violation of the power. PowerScul’s customers were told that the security firm’s inquiries would be released on January 1 January. However, the report has not yet been released, and the affected school districts have informed TechCrunch that they have not yet seen the report. Croudstrich refused to comment when asked by TechCrunch.
Croudstrich published an interim report in January, which saw TechCrunch, but there was no new details about the violation.
Do you have more information about PowerScul’s data breach? We would like to hear from you. From a non-work device, you can securely contact the Curly page through signals or email at +44 1536 853968 Carly.page@techcranch.comThe
