NewsLocal News

Actions

School software hack could expose Maryland student, teacher data

Computer Coding Keyboard Dark Web Data Breach Cyberattack Cybersecurity
Posted
and last updated

BALTIMORE — A recent data breach could affect schools, teachers, and students nationwide.

Frederick County Public Schools issued an alert Thursday notifying parents and staff about the hacking of a student information system.

PowerSchool is a software company used by FCPS and others around the country.

According to FCPS, someone gained unauthorized access to system data from school districts using stolen credentials.

The alleged breach occurred sometime between December 19 and 28, with FCPS learning about it on January 7.

FCPS said they began using and transferring student information into PowerSchool last year.

"The breach impacted two FCPS data tables in the new SIS, including records of both teachers and students. We are actively working with PowerSchool to determine exactly what data was impacted and will share additional information in a follow-up communication," FCPS said in a letter to parents and staff.

PowerSchool reportedly deleted the compromised file, making it no longer accessible.

The cybersecurity firm CrowdStrike was reportedly hired to investigate.

So far they claim none of the potentially exposed data has appeared on the dark web.

"While this breach has affected many districts across the country and the full scope of the breach is still being investigated, we want to assure you that FCPS stopped collecting social security numbers for students more than 10 years ago so this sensitive data was not exposed," FCPS said.
WMAR-2 News asked other public school systems in the area if they are affected.

So far Cecil County said they are impacted, and currently assessing the situation.

Baltimore City and Baltimore County, along with Anne Arundel, Harford and Howard Counties tell us they are not affected.

PowerSchool released this statement on the situation.

“On December 28, 2024, we became aware of a potential cybersecurity incident involving unauthorized access to certain PowerSchool SIS information through one of our community-focused customer portals, PowerSource. As soon as we learned of the incident, we immediately engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts. PowerSchool is not experiencing, nor does it expect to experience, any operational disruption and continues to provide services as normal to our customers. We have no evidence that other PowerSchool products were affected as a result of this incident.
We take our responsibility to protect student, family, and educator data privacy extremely seriously, and we are committed to helping affected customers, families, and educators with resources and support as we work through this together.”