A 19-year-old college student will plead guilty to carrying out a massive hack against PowerSchool, a popular student information system used by schools around the country. The hacker threatened to leak the names, email addresses, phone numbers, Social Security numbers, dates of birth, and medical information of tens of millions of students and teachers if the company didn’t pay a $2.85 million ransom. PowerSchool paid the ransom but later received additional threats to expose stolen data. The DOJ accuses the hacker of breaking into PowerSchool using stolen login credentials and transferring the information to a computer server in Ukraine.
Source: https://www.theverge.com/news/671713/powerschool-hack-guilty-plea-matthew-lane
TPRM report: https://scoringcyber.rankiteo.com/company/powerschool
{
  "id": "pow333052125",
  "linkid": "powerschool",
  "type": "Ransomware",
  "date": "5/2025",
  "severity": "100",
  "impact": "",
  "explanation": "Attack threatening the organization’s existence: Attack in which the personal and financial information is compromised"
}
{'affected_entities': [{'customers_affected': 'Tens of millions of students '
'and teachers',
'industry': 'Education',
'location': 'United States',
'name': 'PowerSchool',
'size': 'Large',
'type': 'Educational Technology'}],
'attack_vector': 'Stolen login credentials',
'customer_advisories': 'null',
'data_breach': {'data_encryption': 'null',
'data_exfiltration': 'Yes',
'file_types_exposed': 'null',
'number_of_records_exposed': 'Tens of millions',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['PII', 'Medical Information']},
'date_detected': 'January 2023',
'date_publicly_disclosed': 'null',
'date_resolved': 'null',
'description': 'A 19-year-old college student, Matthew Lane, will plead '
'guilty to carrying out a massive hack against PowerSchool, a '
'popular student information system. The attack involved cyber '
'extortion, unauthorized access to protected computers, and '
'aggravated identity theft.',
'impact': {'brand_reputation_impact': 'Significant',
'conversion_rate_impact': 'null',
'customer_complaints': 'null',
'data_compromised': ['Names',
'Email addresses',
'Phone numbers',
'Social Security numbers',
'Dates of birth',
'Medical information'],
'downtime': 'null',
'financial_loss': 'null',
'identity_theft_risk': 'High',
'legal_liabilities': 'null',
'operational_impact': 'null',
'payment_information_risk': 'null',
'revenue_loss': 'null',
'systems_affected': ['PowerSource customer support portal']},
'initial_access_broker': {'backdoors_established': 'null',
'data_sold_on_dark_web': 'null',
'entry_point': 'Stolen login credentials',
'high_value_targets': 'null',
'reconnaissance_period': 'null'},
'investigation_status': 'Ongoing',
'lessons_learned': 'null',
'motivation': 'Financial Gain',
'post_incident_analysis': {'corrective_actions': 'null',
'root_causes': 'null'},
'ransomware': {'data_encryption': 'null',
'data_exfiltration': 'Yes',
'ransom_demanded': 'Yes',
'ransom_paid': 'Yes',
'ransomware_strain': 'null'},
'recommendations': 'null',
'references': [{'date_accessed': 'null',
'source': 'Department of Justice',
'url': 'null'}],
'regulatory_compliance': {'fines_imposed': 'null',
'legal_actions': 'null',
'regulations_violated': 'null',
'regulatory_notifications': 'null'},
'response': {'adaptive_behavioral_waf': 'null',
'communication_strategy': 'null',
'containment_measures': 'null',
'enhanced_monitoring': 'null',
'incident_response_plan_activated': 'null',
'law_enforcement_notified': 'Yes',
'network_segmentation': 'null',
'on_demand_scrubbing_services': 'null',
'recovery_measures': 'null',
'remediation_measures': 'null',
'third_party_assistance': 'null'},
'stakeholder_advisories': 'null',
'threat_actor': 'Matthew Lane',
'title': 'Massive Hack Against PowerSchool',
'type': 'Data Breach and Ransomware',
'vulnerability_exploited': 'null'}