Don't Get Schooled: Lessons From PowerSchool's Big Breach

Why MFA and Data Minimization Remain Key for Preventing Massive Data Breaches Mathew J. Schwartz (euroinfosec) • January 24, 2025

Clear lessons have already emerged from PowerSchool's investigation into the massive theft of its customers' data.

See Also: Defending the Digital Frontline with Strategies for Defense Agencies | Live Webinar

A main takeaway is that the vendor failed to use multi-factor authentication to safeguard access to its accounts - and had MFA been in place, it likely would have prevented the breach.

"Security features such as MFA should be configured as basic table stakes for any online systems, in particular those that store sensitive data such as that of children," said cybersecurity expert Brian Honan, owner of BH Consulting, who also founded Ireland's first computer emergency response team.

"If you are employing a third-party platform for any critical services you should perform regular risk assessments to determine if the ...