Topics
Latest
AI
Amazon
Image Credits:Michael Nagle/Bloomberg / Getty Images
Apps
Biotech & Health
clime
Image Credits:Michael Nagle/Bloomberg / Getty Images
Cloud Computing
Commerce Department
Crypto
enterprisingness
EVs
Fintech
Fundraising
Gadgets
Gaming
Government & Policy
computer hardware
layoff
Media & Entertainment
Meta
Microsoft
seclusion
Robotics
Security
societal
Space
inauguration
TikTok
deportation
speculation
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
video
Partner Content
TechCrunch Brand Studio
Crunchboard
reach Us
A hacker compromised the U.S. edtech giant PowerSchool month before its “ massive ” datum breach in December , harmonize toa now - published forensic reportinto the incident conducted by U.S. cybersecurity firm CrowdStrike .
In a varsity letter sent to affected client last week , seen by TechCrunch , PowerSchool confirmed that an investigation into the incident has revealed that its web “ experienced unauthorized activity prior to December , ” which CrowdStrike date back to at least August 2024 .
PowerSchool previously say it detected unauthorized access to its system between December 19 until it discovered the compromise on December 28 , 2024 .
In its theme , CrowdStrike said that a drudge used the same compromise support credentials used in the December rift to access PowerSchool ’s meshwork between August 16 , 2024 , and September 17 , 2024 . The credentials were used to get at PowerSchool PowerSource , the same customer musical accompaniment portal compromised in the December breach to gain memory access to PowerSchool ’s schooltime information system ( SIS ) .
PowerSource “ allows a support technician with sufficient permissions to gain access to client SIS database instances for upkeep purposes , ” fit in to CrowdStrike .
CrowdStrike said it did not find “ sufficient evidence to attribute this activeness to the scourge histrion responsible for the bodily function in December 2024 , ” because PowerSchool ’s log data “ did not go back far enough . ” However , CrowdStrike ’s finding suggest that the December breach of PowerSchool breach could have been prevented if the compromised certification were transfer earlier .
When asked by TechCrunch on Monday , PowerSchool spokesperson Beth Keebler declined to say whether the company was aware of this other access to its web prior to the release of CrowdStrike ’s report .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
Many interrogative sentence remain about the PowerSchool breach , such as the entire bit of individuals affected . PowerSchool has repeatedly decline to leave an accurate figure , thoughreportssuggest that the personal information of more than 60 million student was accessed .
