PowerSchool data breach exposed student Social Security numbers, grades

PowerSchool data breach overview:

• Who: PowerSchool, the largest provider of cloud-based education software for K-12 students in the United States., confirmed hackers accessed its customers’ information in a recent data breach.
• Why: The company attributed the breach to hackers using a stolen credential to break into its internal customer support portal. 
• Where: The PowerSchool data breach affected consumers nationwide. 

Cloud-based education company PowerSchool disclosed hackers accessed its customers’ personal information in a recent data breach.

PowerSchool confirmed the breach in a letter sent to affected customers this week, reports TechCrunch.

The education technology company reportedly attributed the data breach to hackers using a stolen credential to break into its internal customer support portal affecting users of its school information system, which is used to manage student records, grades, attendance and enrollment.

While the stolen data primarily includes contact details, PowerSchool warned hackers also got access to Social Security numbers, some medical and grade information and other unspecified personally identifiable information belonging to students and teachers, according to TechCrunch.

The personal information of parents and guardians — including names, phone numbers and email addresses — was also potentially compromised in some school districts, according to PowerSchool, which reportedly said the types of stolen data varies by customer.

PowerSchool paid hackers to prevent them from publishing stolen data

PowerSchool claims it has taken “all appropriate steps” to prevent the data exposed in the data breach from being misused, and that it does not anticipate the data will be “shared or made public,” reports TechCrunch. 

“PowerSchool believes the data has been deleted without any further replication or dissemination,” said PowerSchool spokesperson Beth Keebler, as reported by TechCrunch. 

The company, while reportedly claiming the security incident was not related to ransomware, said it worked with CyberSteward, a Canadian organization that offers cyber-extortion services, to negotiate with the threat actors responsible for the breach. 

PowerSchool’s software is used by more than 16,000 customers to support more than 50 million students across North America, according to the company. 

In other data breach news, a plaintiff filed a class action lawsuit against Columbia University late in 2024 over claims the school failed to protect the sensitive information of students and employees during a May 2023 data breach. 

Are you affected by the PowerSchool data breach? Let us know in the comments.

Read About More Class Action Lawsuits & Class Action Settlements:

• Washington AG files lawsuit against T-Mobile over 2021 data breach
• H&R Block class action alleges negligence in data breach
• Visionworks data breach compromised info of about 40K customers, class action claims
• Norwex class action claims data breach exposed personal identifying info