PowerSchool Data Breach Exposes Sensitive Information of Students, Teachers, and Parents

Hackers accessed personal data from the edtech giant's systems, including Social Security numbers and medical records, prompting security and privacy concerns.

• PowerSchool, a leading K-12 education software provider, confirmed a December 2024 cyberattack that compromised sensitive data of students, teachers, and parents across North America.
• The breach involved unauthorized access to PowerSchool's customer support portal using stolen credentials, allowing hackers to extract database tables containing personal information.
• Exposed data includes names, addresses, Social Security numbers, medical information, grades, and other personal details, with the extent varying by school district and customer.
• PowerSchool paid an undisclosed ransom to prevent the release of stolen data, claiming it has been deleted and not further replicated or disseminated, though doubts remain about long-term data security.
• Impacted individuals are being offered credit monitoring and identity protection services, while investigations by third-party cybersecurity experts, including CrowdStrike, are ongoing.

8 Articles

Fast Company The Philadelphia Inquirer Newsweek TechCrunch Global News The Register TechCrunch BleepingComputer