Hackers breached U.S. edtech giant PowerSchool several months before its “large” data breach in December, according to a now-released forensic report on the incident conducted by U.S. cybersecurity company CrowdStrike.
In a letter sent to affected customers last week and seen by TechCrunch, PowerSchool confirmed that the investigation into the incident revealed that its network had “experienced fraudulent activity prior to December.”
PowerSchool previously said it had detected unauthorized access to its system from December 19 until it discovered the compromise on December 28, 2024.
In the report, CrowdStrike said that hackers accessed PowerSchool's network between August 16, 2024 and September 17, 2024 using the same compromised support credentials used in the December breach. The hackers used those credentials to access PowerSource, the same PowerSchool customer support portal involved in the December breach.
PowerSource “permits support technicians who have sufficient authority to access the customer SIS database instance for maintenance purposes,” according to CrowdStrike.
CrowdStrike said PowerSchool's log data “has not returned enough,” and that it therefore did not find “sufficient evidence resulting from the threat actors responsible for the activity in December 2024.” However, CrowdStrike's findings suggest that if a credential change had been enforced earlier, PowerSchool's December breach could have been prevented.
When asked by TechCrunch on Monday, PowerSchool spokesperson Beth Keebler refused to say whether the company was aware of the earlier access to its network prior to the release of CrowdStrike's report.
Many questions remain about the PowerSchool breach, including the total number of affected individuals. PowerSchool has repeatedly refused to provide accurate numbers, but reports suggest that the personal information of more than 60 million students was accessed.