How victims of the PowerSchool data breach helped each other investigate the ‘massive’ hack


On January 7, at 11:10 p.m. in Dubai, Romy Backus received an email from education technology giant PowerSchool informing her that the school she worked for was one of the victims of the data breach the company discovered on December 28. PowerSchool says hackers had access to a cloud system that houses a lot of information on students and teachers, including Social Security numbers, medical information, grades, and other personal data from schools around the world.

Because PowerSchool bills itself as the largest provider of cloud-based education software for K-12 schools in North America (about 18,000 schools and more than 60 million students), the impact will be “very big,” as a tech worker at an affected school told TechCrunch. Sources in the school districts affected by the incident told TechCrunch that hackers accessed “all” of their student and teacher history data stored in their PowerSchool-provided systems.

Backus works at the American School of Dubai, where she manages the school’s PowerSchool SIS system. Schools use this system — the same system that was hacked — to manage student data, such as grades, attendance, enrollment, and more sensitive information such as student Social Security numbers and medical records.

The morning after getting the email from PowerSchool, Backus said she went to her manager, triggered the school’s protocols for handling data breaches, and began investigating the breach to understand exactly what the hackers stole from her school, because PowerSchool did not provide any details related to her school in its disclosure email.

“I started digging because I wanted to know more,” Backus told TechCrunch. “Just telling me that, okay, we have been affected. Nice. Well, what did it take? When was it taken? How bad are you?”

“They weren’t willing to give us any concrete information that customers needed to do our own due diligence,” Backus said.

Soon after, Backus learned that other school administrators using PowerSchool were trying to find the same answers.

“Some of it has to do with confusing and inconsistent communication coming from PowerSchool,” according to one of the half-dozen school workers who spoke to TechCrunch on the condition that they, or their school district, not be named.

“To (PowerSchool’s) credit, they did alert their customers to this, especially when you look at the tech industry as a whole, but their communication lacked any actionable information and was misleading at worst, confusing at best,” the person said.

Contact Us

Do you have more information about the PowerSchool breach? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.

In the early hours after PowerSchool’s announcement, schools scrambled to determine the extent of the breach, or even whether they had been breached at all. The email listservs of PowerSchool customers, where they share information with each other, “exploded,” as Adam Larsen, the assistant superintendent for Community Unit School District 220 in Oregon, Illinois, put it to TechCrunch.

The community quickly realized they were on their own. “We need our friends to act quickly because they really can’t trust PowerSchool information right now,” Larsen said.

“There’s a lot of panic and not reading what’s already been shared, and then asking the same questions over and over again,” Backus said.

Thanks to her own expertise and knowledge of the system, Backus said she was able to quickly identify which data was compromised at her school, and began comparing notes with workers from other affected schools. When she realized there was a pattern to the breach, and suspected it was the same for others, Backus decided to put together a guide with details, such as the specific IP address used by the hackers to breach schools, and steps to investigate the incident and determine whether a system was breached, along with what specific data was stolen.

At 4:36 p.m. Dubai time on January 8, less than 24 hours after PowerSchool notified all customers, Backus said she sent a shared Google Doc to WhatsApp group chats with other PowerSchool administrators based in Europe and throughout the East, who regularly share information and resources to help each other. Later that day, after talking to several people and refining the document, Backus said she posted it to the PowerSchool User Group, an unofficial support forum for PowerSchool users with more than 5,000 members.

Since then, the document has been regularly updated and has grown to nearly 2,000 words, effectively going viral within the PowerSchool community. As of Friday, the document had been viewed more than 2,500 times, according to Backus, who created a Bit.ly shortlink that allowed her to see how many people clicked on the link. Many people have shared the document’s full web address on Reddit and in other closed groups, so it’s likely that many others have seen the document. At the time of writing, there were about 30 viewers on the document.

The same day Backus shared her document, Larsen published an open source set of tools, as well as a how-to video, with the goal of helping others.

Backus’ document and Larsen’s tools are an example of how the community of workers in hacked schools (and those that weren’t actually hacked but were still notified by PowerSchool) rallied to support each other. School workers had to turn to helping each other and respond to the breach in a crowdsourced way, fueled by solidarity and necessity, because of the slow and incomplete response from PowerSchool, according to half a dozen workers at affected schools who participated in the community effort and talked about their experiences with TechCrunch.

Many other school workers supported each other in several Reddit threads. Some of them were published in the subreddit of K-12 system administrators, where users must be vetted and verified in order to post.

Doug Levin, the co-founder and national director of a nonprofit that helps schools with cybersecurity, the K12 Security Information eXchange (K12 SIX), which published its own FAQ about the PowerSchool hack, told TechCrunch that this type of open collaboration is common in the community, but “the PowerSchool incident is of such a large scope that it is more apparent.”

“The sector itself is large and diverse — and, in general, we haven’t built the information-sharing infrastructure that other sectors have for cybersecurity incidents,” Levin said.

Levin emphasized that the education sector must rely on open collaboration through more informal, sometimes public channels, often because schools are understaffed in terms of IT workers and lack specialist cybersecurity expertise.

Another school worker told TechCrunch that “for most of us, we don’t have the funding for the full cybersecurity resources we need to respond to incidents and we have to pull together.”

When reached for comment, PowerSchool spokeswoman Beth Keebler told TechCrunch: “Our PowerSchool customers are part of a strong security community dedicated to sharing information and helping each other. We’re grateful to our customers and sincerely thank those who have jumped in to help their peers by sharing information. We will continue to do the same.”

Additional reporting by Carly Page.


