PowerSchool data breach exposes millions of student and teacher records

Now, education technology giant PowerSchool has become the latest target, with records of millions of students and teachers stolen.

While the exact number of affected individuals remains unknown, the scale of the breach is alarming.

PowerSchool serves 18,000 customers worldwide, including schools in the U.S. and Canada, managing grading, attendance and personal information for over 60 million K-12 students and teachers.

PowerSchool SIS is a student information system used for managing grades, attendance, enrollment and other student records. Hackers accessed the PowerSource portal using stolen credentials and used an "export data manager" tool to steal information.

The company said this wasn't a ransomware attack or a result of software flaws, but rather a straightforward network break-in. The company has hired a third-party cybersecurity firm to investigate the breach, figure out what happened and determine who was affected.

PowerSchool confirmed the stolen data primarily includes contact details like names and addresses. However, for some districts, the data may also include sensitive information such as Social Security numbers, personally identifiable information, medical records and grades.

The company said customer support tickets, credentials and forum data were not accessed or stolen during the breach. PowerSchool also emphasized that not all SIS customers were affected and expects only a subset of customers will need to notify those affected.

"We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination," the developer told customers in a notice.

"We have also deactivated the compromised credential and restricted all access to the affected portal. Lastly, we have conducted a full password reset and further tightened password and access control for all PowerSource customer support portal accounts."

PowerSchool said affected adults will be offered free credit monitoring, while minors will receive subscriptions to an unspecified identity protection service.

1. Monitor your accounts regularly: Keep a close eye on your bank accounts, credit cards and any online services linked to your personal information. Watch for unauthorized transactions or changes to your accounts that could signal misuse of your data.

2. Freeze your credit: If your Social Security number or other sensitive details were compromised, consider placing a credit freeze with major credit bureaus like Equifax, Experian and TransUnion. This prevents potential identity thieves from opening new accounts in your name.

3. Use identity theft protection services: Take advantage of any identity protection services offered by PowerSchool as part of its breach response. These services can alert you to suspicious activity and provide support if your identity is stolen.

5. Be aware of phishing links and use strong antivirus software: Cybercriminals often use phishing scams to exploit data breaches. Avoid clicking on suspicious links in emails or text messages, especially those claiming to be from PowerSchool or your school district.

You can blame hackers for this breach, but PowerSchool shares the responsibility for failing to adequately protect sensitive data. The company may also be in violation of data privacy agreements it signed with school districts, as well as federal and state laws designed to safeguard student privacy. What's more concerning is that PowerSchool took nearly two weeks to notify its customers about the breach. Schools are now left scrambling to assess the full extent of the intrusion. This delay is not just irresponsible; it puts students, parents and teachers at heightened risk of cyberattacks and identity theft.

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com.  All rights reserved.