A recent forensic report by CrowdStrike has shed new light on the massive data breach suffered by U.S. edtech giant PowerSchool in December, revealing that a hacker had compromised the company's network months prior to the incident. The report, obtained by TechCrunch, suggests that the earlier unauthorized access could have potentially prevented the December breach if proper measures were taken.

According to the report, the hacker accessed PowerSchool's network between August 16, 2024, and September 17, 2024, using compromised support credentials. These same credentials were later used to access PowerSchool's customer support portal, PowerSource, and gain access to the company's school information system (SIS) in December. The PowerSource portal allows support technicians with sufficient permissions to access customer SIS database instances for maintenance purposes.

In a letter to affected customers, PowerSchool confirmed that an investigation into the incident revealed unauthorized activity on its network prior to December, which CrowdStrike dated back to at least August 2024. However, when asked by TechCrunch, PowerSchool spokesperson Beth Keebler declined to comment on whether the company was aware of this earlier access to its network prior to the release of CrowdStrike's report.

The CrowdStrike report highlights the importance of timely action in preventing data breaches. The firm noted that it did not find sufficient evidence to attribute the earlier activity to the threat actor responsible for the December breach, citing a lack of log data that did not go back far enough. Nevertheless, the report suggests that changing the compromised credentials sooner could have prevented the December breach.

The PowerSchool breach has raised numerous questions, including the total number of individuals affected. Despite repeated requests, PowerSchool has declined to provide an accurate figure, although reports suggest that the personal information of more than 60 million students was accessed. The incident has sparked concerns about the security of sensitive data and the accountability of companies in preventing such breaches.

The revelation of the earlier unauthorized access has significant implications for the edtech industry, emphasizing the need for robust security measures and proactive incident response strategies. As the investigation into the PowerSchool breach continues, it remains to be seen what measures will be taken to prevent similar incidents in the future and ensure the protection of sensitive data.

In the meantime, the incident serves as a stark reminder of the importance of cybersecurity in the digital age. With the increasing reliance on technology in various sectors, including education, it is crucial that companies prioritize data security and transparency to maintain the trust of their customers and the public at large.