School software provider is the latest target of major hack of personal data

PowerSchool, a California-based education software provider, acknowledged last week that hackers had hacked the private information of millions of American adults and children.

Hackers gained access to student addresses, Social Security numbers, grades, and medical information on the platform—which schools use for student records, grades, attendance, and enrollment—after the breach occurred at the end of December, according to new information confirmed by TechCrunch Thursday morning.

According to the company, parents’ and guardians’ identities, phone numbers, and emails may have also been compromised. According to the organization, hackers gained access to the internal customer support system by using a stolen login, or credential. According to the corporation, PowerSchool has 16,000 users and is utilized by over 50 million students in North America.

The event is the most recent significant data breach to occur in the United States, where the number of cybercrimes is increasing annually. In 2023, the FBI’s Internet Crime Complaint Center received 880,418 complaints, which was over twice as many crimes as in 2019 and a 10% rise over the previous year. According to the government, $37.4 billion in possible financial losses could result from cybercrime since 2019.

The hack at PowerSchool serves as an illustration of how cybercriminals make money. The business claimed that it was coerced into paying a certain amount to stop hackers from disclosing the stolen information, although it did not specify the amount.

According to tech experts, money is the primary motivator for most cybercrimes.

According to Rob Scott, managing partner of the technology law company Scott & Scott LLP in Dallas, hackers frequently use valid credentials to get access to internal software. According to him, when people think of hacking, they probably envision automated attacks that use passwords and login credentials.

See also  U.S. House fails to reauthorize 20-year-old bipartisan bill to fund rural schools, communities

Accounts bought on the so-called Dark Web, a sizable portion of the internet that is unavailable to the majority of traditional browsers, are the source of many breaches, according to Scott.

or instances of employee carelessness involving inadequate password management, or IT guidelines regarding password management and confidentiality, he said.

This incident did not exemplify a ransomware attack, in which hackers encrypt computer data using software or malware to deny users access to their device. In 2023, 2,835 ransomware crimes occurred, with the most common targets being government, manufacturing, and healthcare sectors.

However, Scott noted that most cybercrimes are motivated by financial gain.

Pickpocketing was common, right? According to Scott, bank robberies used to occur. The contemporary counterpart of those kinds of endeavors is cybersecurity.

According to Chandler, Arizona-based Kiran Chinnagangannagari, cofounder and chief product and technology officer of cybersecurity company Securin, you’re probably correct in thinking that your data has been compromised in some form by now as these breaches become more frequent.

According to Chinnagangannagari, the development of generative AI systems has turned the internet into a data-hungry place since these systems require vast amounts of data in order to learn and improve.

Despite the fact that all 50 states have data breach reporting laws and roughly 20 states have consumer data privacy regulations, Chinnagangannagari and Scott stated that they do not believe that legislation is very helpful in combating this expanding issue. According to Scott, a lot of the regulations require businesses to notify customers, but they put additional strain on businesses that were only the targets of criminal activity.

See also  Is 2025 the year of private school choice in Idaho? ‘Several’ bills could be coming

Laws that promote proactive protection against needless data acquisition, according to Chinnagangannagari, are more beneficial. For instance, HIPAA imposes stringent guidelines on the collection, storage, and exchange of health information by healthcare providers. Purpose limitation and data minimization regulations are part of the California Consumer Privacy Act, as updated by the California Privacy Rights Act.

After these massive attacks on a company or organization, there isn’t much that an individual can do, but consumers can take some steps to practice good cyber hygiene, according to Chinnagangannagari.

Learn as much as you can about the terms and conditions of any major platforms or apps you join up for, and be cautious about where you put your information. When possible, use multi-factor authentication and establish a policy that prohibits password reuse. According to the cybersecurity expert, there are other services that will look for your data and alert you if it has been a part of a large-scale breach.

Even while it may feel hopeless, Chinnagangannagari acknowledges that doing these things and monitoring your accounts for odd financial or internet activity will help you get ready for our new world.

He claimed that we weren’t taught it as children. The world is very different. Therefore, humans must continue to adapt and coexist with this ecology.

OUR WORK IS MADE POSSIBLE BY YOU.

Leave a Reply

Your email address will not be published. Required fields are marked *