HQ/EMEAFind out how we can help your business
PowerSchool, a leading cloud-based K-12 software provider, has begun notifying individuals affected by a significant data breach that occurred in December 2024. The breach compromised the company’s customer support portal, PowerSource, allowing attackers to steal sensitive information from 6,505 school districts.
A hacker claims to have stolen data on 62.4 million students and 9.5 million teachers from PowerSchool.
Although PowerSchool claims only a subset of its customers were affected, a threat actor has alleged that they stole the personal data of 62.4 million students and 9.5 million teachers. The compromised information varies by district and includes full names, addresses, contact details, Social Security numbers (SSNs), medical records, and student grades.
Despite the massive scale of the incident, PowerSchool has not officially disclosed the total number of individuals impacted. However, regulatory filings in Maine reveal that 33,488 people were affected in that state alone.
PowerSchool has started reaching out to current and former students, their parents and guardians, as well as educators across the United States, Canada, and other international locations. The company is also coordinating with Attorneys General Offices in various U.S. jurisdictions and Canadian regulators to meet legal notification requirements. A separate update is expected later for international customers.
Individuals affected by the breach will be informed if their SSNs or medical data were stolen, depending on their school district. To mitigate potential risks, PowerSchool is offering free identity theft protection and credit monitoring to impacted students and teachers.
Although cybersecurity companies help with the investigation, a thorough report outlining the attack’s entire scope has not yet been released. Both victims and cybersecurity professionals are concerned about this lack of transparency.
The actual scope of the hack is yet unknown, as attackers are allegedly claiming a significantly larger impact than PowerSchool admits. Affected parties are asked to exercise caution and take the required safety measures to protect their data while investigations are ongoing.
