The education technology company PowerSchool recently disclosed a major data breach that has affected millions of students and teachers across the United States and Canada. According to the hacker responsible for the breach, personal data of 62.4 million students and 9.5 million teachers was stolen from PowerSchool’s systems. PowerSchool, which provides cloud-based software solutions for K-12 schools and districts, discovered the breach on January 7th.
The hacker gained access to PowerSchool’s customer support portal using stolen credentials and then used a maintenance tool to download student and teacher data from the PowerSIS databases of various school districts. While PowerSchool has not provided specific numbers, they confirmed that sensitive information such as Social Security Numbers, medical information, and grades were stolen for a subset of the affected students. The company paid a ransom to the hacker in an attempt to prevent the stolen data from being leaked.
Sources indicate that the breach impacted 6,505 school districts across the US, Canada, and other countries. Some of the largest affected districts include Los Angeles Unified School District, Chicago Public Schools, and the Toronto District School Board. PowerSchool emphasized that the type of data exposed varies per district, with less than a quarter of impacted students having their Social Security Numbers exposed.
Powerschool data breach impact
Both cloud-based and on-premise PowerSchool SIS customers were affected. In response to the breach, PowerSchool is offering two years of complimentary identity protection services and credit monitoring to all impacted individuals.
The company will also handle notifications to State Attorney General’s offices, educators, students, parents, and other stakeholders on behalf of their customers. PowerSchool has engaged the cybersecurity firm CrowdStrike to investigate the incident. A report detailing the findings was expected to be released on January 17th but has been delayed as CrowdStrike finalizes the forensic analysis.
The breach has raised concerns among parents, teachers, and school administrators about the security of student data. PowerSchool has set up a dedicated page to provide updates and support to those affected by the incident. As the investigation continues, the full extent of the breach and its potential consequences for students and educators will become clearer.
This incident serves as a reminder of the importance of robust cybersecurity measures to protect sensitive personal information in the education sector.
