The #PowerSchool breach, explained: what happened, what data was exposed, and what Ontario and Alberta regulators found. Under Canadian #privacy laws, there's no outsourcing accountability. And if you don't need it, don't collect it or retain it. New on my YouTube channel: https://youtu.be/l4ytObPKx2A
#PowerSchool
This feels like the companies that blame users for having bad passwords in a breach. Maybe technically true in a way, but come on... Under staffed under resourced schools aren't responsible for a vendor's failing. The vendor is. #PowerSchool https://www.theregister.com/2025/11/20/powerschool_breach_reports/
đš PowerSchool Hacker Sentenced: 4 Years for 62M Student Data Breach
Matthew D. Lane, 19, hacked PowerSchool, stole sensitive info, demanded ransom, and now faces 4 years in prison with $14M restitution & $25K fine.
đŹ How should K-12 platforms secure sensitive student and teacher data? Comment & follow @technadu for expert cybersecurity coverage.
#CyberSecurity #DataBreach #K12Security #PowerSchool #StudentData #Ransomware #Infosec #DigitalSafety #TechNadu #CyberCrime
Earlier today, Matthew Lane, the 19-year old from Massachusetts who confessed to hacking a telecom and #PowerSchool, was sentenced to 4 years in prison, 3 years supervised release after that, $14M in restitution, and forfeiture of $160k.
#EduSec #cybersecurity #ShinyHunters #G0retrance #databreach
đą Sept ans requis contre un hacker de 19 ans pour le piratage de PowerSchool et le vol de donnĂ©es massives
đ Selon lâarticle, les procureurs demandent une peine de sept ans de prison contre Matthew Lane (19 ans...
đ cyberveille : https://cyberveille.ch/posts/2025-10-13-sept-ans-requis-contre-un-hacker-de-19-ans-pour-le-piratage-de-powerschool-et-le-vol-de-donnees-massives/
đ source : https://therecord.media/powerschool-prison-sentence-hacker
#PowerSchool #hacking #Cyberveille
đ PowerSchool hacker faces sentencing after $14M damages Matthew Lane, aka âg0retrance,â M19, awaits sentencing for #PowerSchool and telecom hacks after pleading guilty to cyber extortion and identity theft. Once a would-be white hat ignored by MIAA, faces up to 84 months and $14M restitution.
NEW: PowerSchool hit by Salesloft Drift campaign, but hackers claim that there is no risk of harm or ransom
#PowerSchool #EduSec #EdTech #Salesloft #Salesforce #cybersecurity #databreach
Texas sues PowerSchool over breach exposing 62M students, 880k Texans
Texas Attorney General has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans.
#Texas #PowerSchool #databreach #education #security #cybersecurity #hackers #hacking #hacked
âIl Texas fa causa a #PowerSchool per una violazione che ha esposto 62 milioni di studenti e 880.000 texani
Il procuratore generale del Texas Ken Paxton ha intentato una causa contro la societĂ di software educativo PowerSchool, che ha subito una massiccia violazione dei dati a dicembre, che ha esposto le informazioni personali di 62 milioni di studenti, tra cui oltre 880.000 texani.
https://www.bleepingcomputer.com/news/security/texas-sues-powerschool-after-massive-data-breach-hit-62-million-students/
@scuola
Texas Attorney General Ken Paxton has filed a lawsuit against PowerSchool over its massive 2024 data breach. The lawsuit claims that PowerSchool violated both the Texas Deceptive Trade Practices Act and the Identity Theft Enforcement and Protection Act by misleading customers about its security practices and failing to take reasonable measures to protect sensitive information entrusted by Texas families and school districts.
Lawsuit: https://www.texasattorneygeneral.gov/sites/default/files/images/press/PowerSchool%20Petition.pdf
h/t, Click2Houston
"To the extent that COPPA could be deemed to create an agency relationship between schools and parents, the scope of any such agency should be strictly limited to the parental notice-and-consent process addressed by that legislation, and should not be extended to any other contractual terms, including arbitration." This would not be nearly as concerning if everyone wasn't so provenly bad at securing their systems and the data within, despite the "We Are Very Good At Privacy And Security, Actually" statements on their websites. #EdTech #COPPA #FERPA #PowerSchool #SIS #AI
Oh wait, never mind. As it turns out #EdTech have asserted that schools can consent to privacy agreements on behalf of parents and students so we're not even involved. Good stuff. Probably not a good sign for them that even the FTC disagrees with this very skewed reading of #COPPA and #FERPA legislation đ€ https://edtech.law/cases/nonconsensual-student-data-mining-powerschool-and-ixl-learning/ #PowerSchool #SIS #AI
Guess I should ask school about this too đ€·ââïž #PowerSchool #SIS #AI
Hey US parents with kids attending K-12 schools that use #PowerSchool as their #SIS, did you notice this year's big new feature is PowerBuddy the friendly #AI chat bot? Great right? đ±
My first question for it was "How do I opt out of all the AI things?" (Because I know you likely already unknowingly mishandled student data) and was told to reach out to school admin staff for help. Classy move to outsource product privacy support to your customers, I'm sure schools appreciate it too.
Remember back in the stone age when you found out your middle/high school schedule y showing up on day one?
Yeah, I kind of miss that.
And the Privacy Commissioner has discontinued its investigation into PowerSchool. They say theyâre satisfied with the companyâs response and commitment to safety measures.
https://www.cbc.ca/news/canada/toronto/federal-privacy-watchdog-discontinuing-student-data-breach-investigation-1.7591131
- - -
Et le Commissaire Ă la vie privĂ©e a interrompu son enquĂȘte de PowerSchool. Il dit ĂȘtre satisfait des rĂ©ponses de la compagnie et de son engagement dans les mesures de sĂ©curitĂ©.
https://www.priv.gc.ca/fr/nouvelles-du-commissariat/nouvelles-et-annonces/2025/nr-c-20250722/
So they wouldn't have committed without that "engagement?"
#PowerSchool #EduSec #databreach
"We take your privacy and security very seriously... when we have to," admitted no entity, ever.
Breaches have consequences (sometimes):
"On Monday, the North Carolina State Board of Education approved a six-month, roughly $270,000 contract with PowerSchool for professional evaluations and onboarding services. The contract, NCDPI noted, isnât related to the student information system, which was hacked in December. That systemâs contract will expire at the end of June and wonât be renewed."
https://www.wect.com/2025/06/25/ncdpi-renews-contract-with-powerschool-after-massive-data-breach/
Attribution is hard, Thursday edition...
NEW by me: A guilty plea in the PowerSchool case still leaves unanswered questions
#PowerSchool #hack #extortion #attribution #transparency #incidentresponse
Help, please:
If anyone has a copy of the ransom note sent to PowerSchool in December 2024 or PowerSchool clients in May 2025, please email me a copy or upload it to me on Signal. I want to see not only the body, but the full header and signature.
PowerSchool has not been transparent about the extortion aspects of the incident and has not responded to inquiries.
To reach me on Signal, my number is +1 516-776-7756. Email: breaches@databreaches[.]net
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst