PowerSchool hack exposes Indiana students' data

1 month ago 260

BROWNSBURG, Ind. -- Multiple Indianapolis area school corporations confirmed an unauthorized user accessed its student information system as part of a national data breach.

Emails sent to families by the Brownsburg Community School Corporation, Noblesville Schools and more confirmed their school corporations were among thousands of schools that had their data compromised following a breach of the PowerSchool SIS platform on Dec. 28, a K-12 software and cloud-based solutions provider.

New labels will help people pick devices less at risk of hacking

"PowerSchool became aware of a potential cybersecurity incident involving unauthorized access to certain information through one of our community-focused customer support portals, PowerSource," the company said. "Over the succeeding days, our investigation determined that an unauthorized party gained access to certain PowerSchool Student Information System (“SIS”) customer data using a compromised credential."

PowerSchool provides solutions for K-12 schools and districts for over 60 million students and over 18,000 customers around the world. The company provides a platform to assist districts with enrollment, communication, attendance, staff management, learning systems and more.

Noblesville, Westfield, Brownsburg and New Palestine are just some of the central Indiana school corporations that use the platform and informed parents about the data breach.

PowerSchool said that the cybersecurity incident was contained and that the provider was not experiencing any operational disruptions. The provider confirmed that it followed proper protocol, which included deactivating the compromised credential and restricting access to the PowerSource portal, which was the source of the breach.

"Rest assured, we have taken all appropriate steps to prevent the data involved from further unauthorized access or misuse," PowerSchool said. "We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination."

An email sent by the Brownsburg Community School Corporation, which FOX59/CSB4 obtained Wednesday night, said the cybersecurity incident resulted in the theft of personal information belonging to students and teachers from thousands of school districts around the country, including in Brownsburg.

This data could include names, social security numbers, birthdates and contact information.

However, Brownsburg Community School Corporation noted that it does not store social security numbers for its students and parents in PowerSchool.

China hacked Treasury Department earlier this month: Officials

Noblesville Schools stated that information compromised by the breach includes their students' directory information, such as addresses and phone numbers. Medical information and parental directory information is also included.

The school districts said they are actively working with the FBI and PowerSchool to learn more about the circumstances that led to the data breach. The email added that this stolen information has likely been deleted.

"PowerSchool has informed us that they have taken action with the hackers to ensure the unauthorized data was deleted without any further replication or dissemination," Noblesville Schools said. "They do not anticipate any of the data being shared or made public and are working with cybersecurity experts and law enforcement to ensure ongoing data safety."

Brownsburg schools added, "The Indiana Department of Education is filing a possible breach to the Indiana Office of Technology per state code. At this time, there isn’t any action to be taken on your part.  We expect to get additional communication from PowerSchool and will share any important updates."

Source: www.newsnationnow.com
Read Entire Article Source

To remove this article - Removal Request