"PowerSchool has informed us that they have taken action with the hackers to ensure the unauthorized data was deleted without any further replication or dissemination."
From a school system email:
PowerSchool has informed us that they have taken action with the hackers to ensure the unauthorized data was deleted without any further replication or dissemination. They do not anticipate any of the data being shared or made public and are working with cybersecurity experts and law enforcement to ensure ongoing data safety. PowerSchool indicated they will be providing credit monitoring to affected adults and identity protection services to affected minors in accordance with regulatory obligations.
But that is hardly a step toward assuring anything was deleted. Do the criminals really have a reputation at stake for keeping their word? Wouldn't that require we can confirm their identity?
In the FAQ, PowerSchool confirmed that the security incident was not ransomware in nature, but noted that it worked with CyberSteward, a Canadian organization that offers cyber-extortion incident response services, to negotiate with the threat actors responsible for the breach.
This confirms previous reporting that PowerSchool was the target of an extortion-only attack and that it paid a financial sum to prevent the hackers from publishing the stolen data.
I'm over this, "we were too incompetent and failed at our job, so your personal information is in the hands of a bad entity. Sry, here's 'monitoring'."
No. How about you fucking pay me and suffer consequences instead? If you can't afford to pay thousands to every affected individual and continue being a business, you don't get to be a business anymore. Equifax and Change Healthcare are two companies I did not opt into using, but had to, and they both fucked up and lost all of my most sensitive information. People should be in jail and I should have thousands of dollars more in compensation. Instead, I got $7 from Equifax and offered free monitoring from CHC. Make it so it's debilitating when sensitive information is lost, and maybe places would take security more seriously.
I heard an interview with a (US) lawyer specializing in data breaches. They pointed out the fine print of accepting monitoring often includes releasing the offering company from liability, agreeing to arbitration, things like that.
I looked but didn't see that in writing for my Change Healthcare situation, but I sure didn't take the free monitoring because I'm waiting for the class action, and I have assumed that would disqualify me.
It's just insulting. Sorry we may have fucked up your life and you have no recourse, but here's a sticker.
I'm upset about this but I'm way more upset to be finding out about it from Lemmy instead of from my school district or PowerSchool directly. My Pennsylvania school district hasn't said anything about this.
I read about it yesterday morning and my school district sent out an email the same evening. I believe had it not been published they would have stayed quiet.