
Information about Petersburg students and school staff may have been compromised after hackers got into a software system on December 28. The company behind the system, PowerSchool, said the data breach was worldwide.
Robyn Taylor is superintendent of the Petersburg School District. She said the system keeps school information organized.
“If you think old school, pre-computers, we all had filing cabinets,” she said. “And that’s where we would store all the information about a student, about their grades, medical records, individual education plans, everything. PowerSchool is that electronic filing cabinet.”
PowerSchool’s mobile app allows parents to check their student’s progress and grades. The software is able to sync with other systems, like the Alaska Department of Education. Taylor said the school district keeps personal information like addresses and custody arrangements on PowerSchool, but not bank account information or social security numbers.
Taylor sent out a letter announcing the data breach on January 10. She said PowerSchool informed the district of the problem on January 7.
Jon Kludt-Painter is the technology director at the Petersburg School District. He said hackers got access to the information through a customer service portal.
He said it’s common for hackers to steal information from a company and then charge that company money to delete the info instead of selling it.
“They were able to get into one specific table of information, not everything, but one specific [table],” he said. “Then they alerted PowerSchool, ‘Hey, we got into your system.’ And then PowerSchool worked with them to satisfy their demands, and then they basically film a video of them destroying all the data.”
Kludt-Painter said that according to PowerSchool, the hacked data was destroyed. But the company has hired a third party, a company called CrowdStrike, to monitor the dark web for any of the information from the international hack.
Kludt-Painter said there’s not really anything the school could have done to prevent the hack.
“We have looked at our internal processes – student accounts and staff accounts are all managed through Google authentication, and so those passwords were not compromised,” he said. “It’s really this one account that we had no control on that was the most vulnerable in the system – just a backdoor account.”
PowerSchool plans to reach out to every person whose information was accessed by the hackers. The company is offering two years of identity protection to anyone whose information was compromised.