PowerSchool, a provider of K-12 software and cloud solutions, had a breach over the holidays. But not to worry, they paid the cybercriminals who hacked them and they have a video of the crooks deleting the data.
"PowerSchool has received reasonable assurances from the threat actor that the data has been deleted and that no additional copies exist."
Thank goodness the threat actors are so reasonable, right? SMH.
-
@briankrebs would they lie?
-
@briankrebs Can't wait for them to become this
-
@briankrebs Dammit. I hate being subjected to this crap. Schools are wholly ill-equipped when it comes to managing and making decisions around technology.
-
@briankrebs The people with morals low enough to hack children’s information are definitely trustworthy enough to not have made backups or faked their deletion video, right? Right??
-
@briankrebs I, too, can make a recording of me deleting data. I just won't record myself making a copy of the data as well...
-
@[email protected] I contract for education in the United States and I'd like to take a moment to remind everyone...
SIS (Student Information Services) stores not only your grades, your transcript, your demographics (think address, emergency contacts) but also medical records (in the United States, schools are mandated to have a copy of your vaccination history). So this might sound not that bad, but what the hackers had access to...
Grades
Transcripts
Vaccination records
Home Addresses
Parents (including their phone number)
Emergency contacts
Email addresses
and that's just the surface; it really depends on a lot of other factors, but this is what I know off the top of my head.
-
@[email protected] We're also talking about potentially things like proof of residence (birth certificates, utility bills and so on). So like this is not your run of the mill "facebook hacked they have your email address and phone number" this is pretty fucking bad
-
@[email protected] honestly I'm in awe because what the actual fuck lol??? they have confidence this threat actor deleted the gold mine of treasures.
-
@puppygirlhornypost2 @briankrebs
This is the crap I had to use to register my kid at school. They (PowerSchool) have proof of income, my driver's license, my mortgage statement, my kid's birth certificate, vaccination records, and so so so much more information than you would think.
-
@[email protected] @[email protected] yeah i forgot about the proof of residency and then i remembered. it's really bad, this is really really bad.
-
@[email protected] @[email protected] And on top of it some students could potentially be outed by deadnames / old gender markers in previous paperwork or medical records.
-
@[email protected] @[email protected] I (un)fortunately live in a state where it is downright illegal to store preferred names in SIS. The only way that would happen is if a student has undergone a legal name change, in which case this would already be public record. If that makes you feel any better...
-
@[email protected] this client has transgender students and i have to keep their emails strictly their legal name. it hurts me.
-
@[email protected] the awkwardness of a student walking into my office asking for a password reset, me asking their name… searching our system… not getting a result… telling them I can’t find them and then hearing the pain in their voice "oh, try $NAME…" It’s not exactly easy to do this to trans students
-
@[email protected] breaks my heart every time because they get super timid and worried that I’m gonna judge them or yell at them it’s not fun
-
@puppygirlhornypost2 @briankrebs Some SIS also store bank and/or credit card data to automatically bill for tuition, lunch, after school programmes.
Some also have fundraising/development modules storing lists of donors and donations.
It’s a cesspool of radioactive data.
-
@[email protected] @[email protected] good point! I was thinking more of terms around a specific client. We have an outside vendor for catering and their system manages the lunch accounts. I completely forgot that use case for SIS. Thanks for pointing it out because yeah, some schools absolutely have everything in one basket.
-
@briankrebs Having worked in IT for two different school districts, this is incredibly frustrating. Often understaffed and underfunded, districts rely on services like these to help manage the load. Yet these services are run by the "why would a thief lie" crowd.
-
@[email protected] @[email protected] love that i find out about this from fedi and not my actual job at school using powerschool