PowerSchool Data Breach: Hackers Steal Students’ Sensitive Information, Including Social Security Numbers
In a significant data breach, PowerSchool, a leading name in the edtech industry, has alerted its clients that sensitive personal information has been compromised. This incident raises serious concerns about the security of student data, including Social Security numbers, grades, and medical records, which were accessed by hackers.
Overview of the PowerSchool Data Breach
According to an FAQ shared with affected customers, PowerSchool confirmed that the breach occurred in December and involved unauthorized access to highly sensitive information. The company has acknowledged the breach and is actively working on addressing the situation.
How the Breach Occurred
The hackers infiltrated PowerSchool’s internal customer support portal using stolen credentials. This breach impacts users of PowerSchool’s comprehensive school information system, widely used by educational institutions to manage:
- Student records
- Grades
- Attendance
- Enrollment
Types of Compromised Data
PowerSchool disclosed that the breach involved a range of sensitive data, including:
- Contact details such as names and addresses
- Social Security numbers
- Medical information
- Academic records
- Other personally identifiable information
Additionally, the personal information of parents and guardians, including names, phone numbers, and email addresses, may also have been compromised in certain school districts. The exact nature of the stolen data varies by customer.
Response to the Breach
PowerSchool has confirmed that the incident was not a ransomware attack. The company collaborated with CyberSteward, a Canadian cyber-extortion incident response organization, to negotiate with the attackers. Reports suggest that PowerSchool may have paid a financial sum to deter the hackers from releasing the stolen data.
Company Statements and Future Precautions
Spokesperson Beth Keebler confirmed the details shared in the FAQ but did not specify how many individuals were affected by the breach. PowerSchool, which serves over 16,000 educational clients and supports more than 50 million students across North America, emphasized that it has taken all necessary measures to prevent further misuse of the compromised data.
Keebler stated, “PowerSchool believes the data has been deleted without any further replication or dissemination.” However, the company did not provide evidence to support this claim when questioned.
Acquisition and Current Situation
In 2024, PowerSchool was acquired by Bain Capital for a substantial $5.6 billion. When contacted regarding the breach, Bain Capital did not offer any additional comments.
Stay Informed
If you have any information regarding the PowerSchool data breach, we encourage you to share it. For secure communications, you can contact Carly Page via Signal at +44 1536 853968 or email at [email protected].
For more information on data security and breaches, visit TechCrunch or explore other resources on protecting personal information.
