A staggering number of over 70 million students and teachers have experienced their personal data fall victim to theft when PowerSchool security suffered a massive breach in 2024.
An unprecedented cyberattack
Cloud-based educational software provider PowerSchool experienced a historic cyberattack which occurred on December 28, 2024. The attacker who descended on the company’s systems shed light on this hack by showing that it exposed data from more than 70 million students and employees.
Hacking of personal data
The attack exposed personal data of 62.4 million students and 9.5 million teachers according to BleepingComputer. Through credentials they had acquired the hackers invaded PowerSchool’s customer support portal. The maintenance access tool enabled hackers to extract data directly from PowerSIS databases serving the districts.
The attack’s aftermath together with the response initiatives
After paying a ransom PowerSchool found solace from data exposure yet the hacker declared all stolen data had been deleted. A comprehensive evaluation of the data needs additional depth to investigate SIS databases that span cloud storage and physical infrastructure but requires cooperation between districts to exchange information for proper analysis.
PowerSchool provided students along with district employees two free years of identity theft protection and credit monitoring coverage as part of their breach response. As part of their security measures PowerSchool promises to deliver breach notices to each affected school district’s local Attorney General.
What to do now?
School district notifications about data breaches require students to follow PowerSchool enrollment instructions for free identity theft protection and credit monitoring services. Information regarding the incident can be found on the PowerSchool website incident page.