Audit reveals Powerschool’s security failure in Rochester City School District data breach

ROCHESTER, N.Y. — New details have emerged about the data breach that impacted students in the Rochester City School District. An audit reveals that PowerSchool, the company breached, did not implement basic security measures.

According to cybersecurity firm CrowdStrike, PowerSchool failed to use multi-factor authentication. Hackers did not employ malware or exploit a backdoor; instead, they accessed the system using a single employee’s password.

A source informed News10NBC that PowerSchool paid a ransom to the hackers. In return, the hackers provided a video showing them supposedly deleting the stolen data.

The Rochester City School District reported on Tuesday that hackers accessed the records of approximately 134,000 students and staff.

A.I. assisted with the formatting of this story. Click here to see how WHEC News10NBC uses A.I.