Crazy amounts of damage being done by info stealers lately, this is worth a read: https://t.co/uQXOBUPmoV
— Troy Hunt (@troyhunt) January 18, 2025
PowerSchool, a major provider of cloud-based education software for K-12 schools, recently suffered a data breach that has affected schools worldwide. The company discovered the breach on December 28 and notified affected schools on January 7.
Romy Backus, who manages the PowerSchool SIS system at the American School of Dubai, received the notification email and immediately started investigating the extent of the breach at her school.
PowerSchool’s initial communication lacked specific details, leaving schools scrambling to determine what data had been compromised.
Up to 50 million students’ Social Security numbers could be exposed after a PowerSchool breach in December. Learn more: https://t.co/9uP184bgFI
— LifeLock (@LifeLock) January 17, 2025
As school administrators sought answers, Backus quickly figured out what data was stolen from her school and noticed a pattern in the breach. She created a how-to guide with steps to investigate the incident and shared it with other PowerSchool administrators through WhatsApp group chats and a support forum.
Her document went viral within the PowerSchool community, being viewed more than 2,500 times.
Security incident involving malware stealing a PowerSchool software engineer's passwords prior to its cyberattack. While likely unrelated to the breach, it raises further doubts about the ed-tech giant's security practiceshttps://t.co/6zUUOcKOv8
— Urban Teacher (@urban_teacher) January 18, 2025
Other administrators, like Adam Larsen from Community Unit School District 220 in Oregon, Illinois, also shared their insights to help others.
PowerSchool breach: school collaboration shines
This grassroots effort showcased the solidarity and collaboration among school workers in response to PowerSchool’s slow and incomplete communication. Two East Tennessee school districts, Scott County Schools and Hamblen County Schools, have confirmed that they were affected by the breach. The stolen data includes contact information, dates of birth, medical alert information, and Social Security numbers for students and employees.
Scott County’s Director of Schools, Bill Hall, stated that the district is taking proactive steps to protect data in the future and emphasized PowerSchool’s responsibility in the incident. PowerSchool is offering those affected two years of credit monitoring from Experian. In Central Georgia, the data breach could affect students and staff at five school districts: Bleckley County, Wilkinson County, Dodge County, Wilcox County, and Wheeler County.
These districts have a combined total of roughly 13,000 students and staff. PowerSchool has hired external cybersecurity experts to assist with the investigation and may offer those affected credit monitoring or identity protection services. Currently, there is no indication that the stolen information has been leaked online.
