A massive data breach at PowerSchool, a popular education technology platform, has left millions of students’ and teachers’ personal records exposed. The breach, discovered on December 28, affected schools worldwide, including the American School of Dubai, where one employee, Romy Backus, works.
PowerSchool notified its customers, including schools in North America, that hackers had accessed a cloud system housing sensitive information, such as Social Security numbers, medical records, and grades. The company claims to have alerted its customers quickly, but their communication was criticized for lacking actionable information, leaving many to figure out the extent of the breach on their own.
Backus, who manages her school’s PowerSchool SIS system, received an email from the company on January 7. She immediately triggered her school’s protocols and started investigating the breach, only to find that PowerSchool was not providing concrete information about the incident. Undeterred, Backus created a comprehensive guide sharing steps to take in case of a data breach, including how to investigate and determine if a system had been compromised.
The document, which has gained traction within the PowerSchool community, has been shared widely among school workers and administrators across the Middle East, Europe, and North America. It is estimated that over 2,500 people have viewed the document, with several sharing its full web address on Reddit and other closed groups.
PowerSchool’s slow response to the incident has led some schools to resort to crowdsourcing support from their peers. Doug Levin, co-founder of the K12 Security Information eXchange (K12 SIX), praised this collaborative effort, saying it is common in the education sector but crucial for a large-scale breach like this one.
PowerSchool’s spokesperson, Beth Keebler, expressed gratitude for customers’ patience and appreciation for those who have helped peers share information. The company will continue to do the same, acknowledging that its security community relies on open collaboration to respond to incidents effectively.
Source: https://techcrunch.com/2025/01/18/how-victims-of-powerschools-data-breach-helped-each-other-investigate-massive-hack