PowerSchool Confirms Data Breach in K-12 Districts via PowerSource Portal, Pays Ransom

Jan 9, 2025, 12:07 AM

PowerSchool, a leading education software provider, has confirmed a cybersecurity breach that compromised the personal data of students and teachers across numerous K-12 school districts in the United States. The breach occurred through the company's PowerSource customer support portal, which was accessed using a compromised credential on December 28, 2024. The stolen data, extracted from the PowerSchool SIS database, includes contact information such as names and addresses, and for some districts, it may also encompass Social Security numbers, medical information, grades, and other personally identifiable information. PowerSchool, serving over 60 million students and used by more than 18,000 customers, has not disclosed the exact number of affected individuals. The company has engaged third-party cybersecurity experts to investigate and mitigate the incident, and it has paid a ransom to prevent the data from being released. PowerSchool is offering credit monitoring services to affected adults and identity protection services to minors. The breach has impacted various school districts, including those in Massachusetts, Idaho, South Carolina, and the Greater Toronto Area.