PowerSchool, a leading U.S.-based education technology provider, has begun notifying students, teachers, and other affected individuals following a massive data breach that occurred in December 2024.
The breach, which compromised sensitive personal information, is one of the largest cybersecurity incidents to impact the education sector in recent years.
The breach occurred when attackers gained unauthorized access to PowerSchool’s customer support portal using stolen credentials.
This allowed them to extract data from the company’s Student Information System (SIS), which is widely used across North America to manage student records, grades, and attendance.
Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free
The compromised data includes names, addresses, Social Security numbers (SSNs), medical information, and academic records. While PowerSchool serves over 60 million students globally, it remains unclear how many individuals were directly impacted.
However, hackers claim to have stolen the personal data of approximately 62.4 million students and 9.5 million educators.
PowerSchool has started notifying affected individuals and regulatory authorities in compliance with legal requirements. In Maine alone, over 33,000 residents were confirmed to have been affected by the breach.
The company is offering two years of complimentary credit monitoring and identity protection services to all impacted individuals, regardless of whether their SSNs were involved. This measure aims to mitigate potential risks such as identity theft and fraud.
PowerSchool’s official statement emphasized its commitment to transparency and support for affected communities. “We care deeply about the students, teachers, and families we serve and are wholeheartedly committed to supporting them,” said a company spokesperson.
The organization has also engaged third-party cybersecurity experts to investigate the incident and strengthen its security measures.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar
A critical security vulnerability has been discovered in ASUSTOR backup and synchronization software, allowing attackers…
Microsoft has introduced a practical new feature in Windows 11 designed specifically for public-facing monitors…
SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service. That…
OpenAI has launched GPT-5.1-Codex-Max, a specialized coding model designed to handle complex development tasks autonomously. The…
The U.S. Department of the Treasury, Australia, and the United Kingdom have announced coordinated sanctions…
Salesforce has issued a critical security alert identifying "unusual activity" involving Gainsight-published applications connected to…