Education technology giant PowerSchool has suffered a significant cybersecurity breach, compromising sensitive information belonging to millions of students, teachers, and parents.
The breach, disclosed on January 7, revealed that hackers exploited stolen credentials to access the company's support portal and extract personal data.
Over 60 Million Impacted in PowerSchool Security Breach: Details Revealed
PowerSchool, a leading provider of K-12 education software, discovered the breach on December 28, 2024.
Hackers used stolen login credentials to access the company's PowerSource support portal, which connects to its Student Information System (SIS). This platform stores and manages data such as grades, attendance, enrollment records, and personal details for over 60 million users worldwide.
The attackers utilized an export tool within the portal to retrieve data tables containing information about students and teachers.
The breach was not due to a ransomware attack or software vulnerability but rather a direct network infiltration using compromised credentials.
According to PowerSchool, the stolen data primarily includes names, addresses, and contact details. However, in some cases, the breach also exposed sensitive information such as Social Security numbers, medical records, and grades, Yahoo said.
Parents' and guardians' information, including phone numbers and email addresses, may have also been compromised in certain school districts.
While not all PowerSchool customers were affected, the exact number of impacted individuals remains unclear. The company assured users that customer support tickets, forum data, and account credentials were not accessed during the breach.
PowerSchool Offers Free Credit Monitoring After Hackers Steal Sensitive Data
PowerSchool has taken steps to mitigate the damage and prevent further incidents. These include deactivating the compromised credentials, resetting passwords, and strengthening security measures for all customer support accounts.
According to FoxNews, the company has enlisted a third-party cybersecurity firm to investigate the breach and identify affected individuals.
To support those impacted, PowerSchool is offering free credit monitoring services for adults and identity protection subscriptions for minors. The company also stated it does not expect the stolen data to be shared or made public, citing reports that the hackers deleted the data after retrieving it.
For those concerned about their information, experts recommend monitoring financial accounts, freezing credit if necessary, and enabling two-factor authentication for online accounts.
It's also important to be cautious of phishing emails and to use reliable antivirus software to safeguard against further attacks.
