Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
On January 7, at 11:10 pm in Dubai, Romy Backus received an email from PowerSchool, a large technology company, informing him that the school where he works is one of the victims of a data breach that the company discovered on December 28. PowerSchool said hackers. had accessed a cloud containing confidential information of students and teachers, including Social Security numbers, medical information, grades, and other personal information from schools around the world.
Considering that PowerSchool bills itself as the provider of the largest K-12 education program — 18,000 schools and more than 60 million students — in North America, the impact could be “significant,” according to a technology employee at the affected school. the school told TechCrunch. Sources from school districts involved in the incident told TechCrunch The hackers got “everything” about the profiles of the students and their teachers stored in their system provided by PowerSchool.
Backus works at the American School of Dubai, where he manages the school’s PowerSchool SIS system. Schools use the system — the same system that was hacked — to track student data, such as grades, attendance, enrollment, and sensitive information such as Social Security numbers and medical records.
The next morning after receiving an email from PowerSchool, Backus said that he went to see his director, initiated the school’s policies to eliminate the data breach, and began to investigate to understand what the hackers stole from his school, since PowerSchool was not provided. anything related to his school in his revealing email.
“I started digging because I wanted to know more,” Backus told TechCrunch. “Just telling me that, well, we’ve been touched.” Good. Well, what has been taken? When was it taken? How difficult is it?”
“They weren’t willing to give us any information that customers needed to do our due diligence,” Backus said.
Before long, Backus realized that other administrators at schools using PowerSchool were trying to find the same answers.
“Some of it had to do with confusing and inconsistent communication that came from PowerSchool,” according to one of the dozen school officials who spoke to TechCrunch on the condition that they, or their school district, not be named.
“To (PowerSchool’s) credit, they informed their customers very quickly about this, especially when you look at all the technology, but their communication lacked any practical information and was very misleading, very confusing,” the person said.
contact us
Do you have information about the PowerSchool breach? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You can contact TechCrunch via SecureDrop.
In the first hours after PowerSchool’s notification, schools were scrambling to find out the extent of the breach, or if it had been breached at all. PowerSchool customers’ email accounts, where they share information with each other, “exploded,” as Adam Larsen, assistant principal of Community Unit School District 220 in Oregon, Illinois, put it to TechCrunch.
The community quickly realized they were on their own. “We need our friends to act quickly because they will not believe what PowerSchool is announcing right now,” said Larsen.
“There was a lot of panic and not reading what’s already been shared, and asking the same questions over and over again,” Backus said.
Because of his skills and knowledge of the system, Backus said he was able to quickly identify data breaches at his school, and began comparing records with other employees from other affected schools. After realizing that there was a way to break the rules, and I suspect it would be the same for others, Backus decided to combine the control method with details, such as the IP address that the attackers used to break into the schools, and steps. take to investigate what has happened and see if the system has been breached, and what has been stolen.
At 4:36 pm in Dubai on January 8, less than 24 hours after PowerSchool notified all customers, Backus said he posted a shared Google Doc on WhatsApp by chatting in groups with other PowerSchool administrators based in Europe and the Middle East, who often share information and resources to help each other. Later that day, after speaking with many people and correcting the document, Backus said he had it posted PowerSchool User Groupan unofficial PowerSchool user support group with over 5,000 members.
Since then, the document it has been updated frequently and has reached about 2,000 wordsare thriving within the PowerSchool community. As of Friday, the document had been viewed more than 2,500 times, according to Backus, who created a Bit.ly shortlink that allows him to see how many people clicked on the link. Several people have publicly shared the full address of the document on Reddit and other closed groups, so many may have seen the document. At the time of writing, there were about 30 viewers of the post.
The same day Backus shared his document, Larsen published it open armsand also action videowith the intention of helping others.
Backus’ document and Larsen’s materials are an example of how school staff who were hacked — and those who weren’t hacked but were still notified by PowerSchool — came together to help each other. School staff need to support each other and respond to the breach due to the difficulty of cooperation and demand due to the slow and insufficient response from PowerSchool, according to half of the staff of the affected schools who participated in the community. effort and talked about his experience with TechCrunch.
Several other school staff were helping each other in several Reddit thread. Some of them were published on field of K-12 system administratorswhere users must be tested and verified to be able to deploy.
Doug Levin, co-founder and CEO of the nonprofit organization that helps schools with cybersecurity, K12 Security Information eXchange (K12 SIX), published it. his FAQ about the PowerSchool hack, he told TechCrunch that such collaborations are common in the community, but “the PowerSchool incident is so widespread that it stands out.”
“The field itself is large and diverse — and, we haven’t yet established the information sharing tools that are available in other fields for cybersecurity events,” Levin said.
Levin emphasized the fact that the education sector must rely on open collaboration through informal, sometimes government-based channels because schools often lack IT staff, and lack expertise in cyber security.
A school employee told TechCrunch that “for most of us, we don’t have the funding for the cyber security that we need to deal with what’s happened and we have to come together.”
When reached for comment, PowerSchool spokeswoman Beth Keebler told TechCrunch: “Our PowerSchool customers are part of a strong security community that is committed to sharing information and helping each other. We are grateful for our customers’ patience and are very grateful to those who jumped in to help their peers by sharing information. We will continue to do so.” the same.”
Additional reporting by Carly Page.
