PowerSchool data breach exposes millions of student and teacher records

In recent years, cybercriminals have shown no mercy when it comes to targeting various industries, including health care, insurance, automotive, and education. The health care sector has been a frequent target, with high-profile breaches like the Ascension breach last year and the CVR incident in late 2024. However, the latest victim on the cybercriminals’ hit list is education technology giant PowerSchool.

PowerSchool, a company that serves 18,000 customers worldwide and manages grading, attendance, and personal information for over 60 million K-12 students and teachers, recently fell victim to a cybersecurity breach. The breach, which was discovered on December 28, involved hackers gaining unauthorized access to the PowerSource support portal using stolen credentials. Through this portal, the attackers were able to steal data from the PowerSchool SIS platform, which is used for managing student records.

The exact number of affected individuals is still unknown, but the scale of the breach is alarming. The stolen data primarily includes contact details such as names and addresses, but for some school districts, sensitive information like Social Security numbers, medical records, and grades may also have been compromised. PowerSchool has assured its customers that support tickets, credentials, and forum data were not accessed or stolen during the breach.

In response to the breach, PowerSchool has hired a third-party cybersecurity firm to investigate the incident and determine the extent of the intrusion. The company has also taken steps to tighten security measures, deactivate compromised credentials, and offer free credit monitoring to affected adults and identity protection services to minors.

To protect themselves from potential identity theft and fraud, individuals affected by the PowerSchool data breach are advised to monitor their accounts regularly, freeze their credit, use identity theft protection services, enable two-factor authentication, and be cautious of phishing scams. Additionally, having strong antivirus software installed on all devices can help prevent cyberattacks and keep personal information safe.

The delay in notifying customers about the breach has raised concerns about PowerSchool’s handling of sensitive data and compliance with data privacy regulations. Many are calling for stricter regulations to hold companies like PowerSchool accountable for safeguarding sensitive information and promptly informing customers of security breaches.

As cybercriminals continue to target industries across the board, it is essential for companies to prioritize cybersecurity measures and take proactive steps to protect customer data. The PowerSchool data breach serves as a stark reminder of the importance of vigilance and readiness in the face of evolving cyber threats.