PowerSchool, an edtech giant used by over 50 million students in the US, was hit by a cyberattack in December that compromised customer support portal credentials, allowing hackers to access sensitive student and teacher data. The breach has affected multiple school districts across the country, with some reporting that hackers accessed “all” of their historical student and teacher data.
The attackers, who have not been publicly identified, accessed demographic data for all teachers and students, both active and historical, as long as the district has used PowerSchool. This includes names, addresses, Social Security numbers, medical information, and other personally identifiable information.
PowerSchool’s CEO did not dispute the accounts of affected school districts but declined to discuss its security controls, citing company policy. The company claims it took “appropriate steps” to prevent further data publication and deleted the stolen data without replication or dissemination. However, PowerSchool has not provided specifics on what measures were taken or evidence that the data was deleted.
The breach is believed to affect more than just PowerSchool’s 18,000 active customers, with some districts reporting a much larger number of affected students, ranging from four- to ten-times higher than the number of actively enrolled students. The company has identified the schools and districts involved but declined to publicly share their names.
Source: https://techcrunch.com/2025/01/15/powerschool-data-breach-victims-say-hackers-stole-all-historical-student-and-teacher-data