According to several news outlets, PowerSchool, a cloud-based education system that is widely utilized by school districts in central Pennsylvania and nationwide to store data, was the target of a recent cyberattack that led to the fraudulent access to all of the company’s student and teacher data.
According to school district officials who spoke to TechCrunchandUSA Today, the data breach occurred in December 2024 when a PowerSchool customer service site was accessed using credentials that had been stolen. This gave the hackers access to all of the instructors’ and students’ personal information.
According to TechCrunch, over 50 million K–12 students in the US depend on PowerSchool services. However, PowerSchool did not publicly alert school districts until almost two weeks after the breach occurred, and it has not disclosed the number of its school customers impacted, according to USA Today.
The Carlisle Area School District, Middletown Area School District, and Williamsport Area School District are among the central Pennsylvania school districts that make use of PowerSchool’s services. PowerSchool’s data was compromised, not data stored on separate district networks.
Parents received a notification from the Williamsport district stating that the type of WASD data that was accessed within the PowerSchool system may include protected health information and/or sensitive student data, including names, addresses, demographic data, and social security numbers.
Additionally, the district enumerated Power School’s actions, which included:
As long as PowerSchool has been in place, one employee of an undisclosed school district with almost 9,000 children told TechCrunch that the actor or actors were able to obtain demographic information about all of the teachers and pupils, both current and past.
Additionally, according to that employee, PowerSchool neglected to implement basic security measures, such as two-factor authentication, to safeguard the compromised system.
When asked if PowerSchool used multi-factor authentication on its platforms, spokesperson Beth Keebler responded that the company does, but she did not elaborate, according to TechCrunch.
Bethlehem’s PowerSchool building on April 3, 2020.For lehighvalleylive.com, Saed Hindash
Names, addresses, Social Security numbers, health and academic records, and other personally identifiable information belonging to students and instructors were among the stolen material.
“We anticipate that the majority of involved customers did not have their Social Security numbers or medical information exfiltrated, though our data review is still ongoing,” Keebler told TechCrunchin in a statement on Tuesday.
According to USA Today, the stolen data also included student lunch balances, free and reduced meal classifications, and locker numbers and combinations. There was no exposure of credit card financial information.
The compromise may have impacted school districts that previously used PowerSchool services, indicating that information outside the company’s current 16,000 education customers may have been accessed, cautioned Mark Racine, CEO of a Boston-based education technology consulting firm.
According to Racine, some school districts in the US are reporting up to ten times as many impacted pupils as there are enrolled.
PowerSchool informed TechCrunchit this week that it has taken the necessary precautions to prevent the public distribution of the compromised data and that it believes the data has been erased without being replicated or shared further.
PowerSchool, however, declined to explain the proper course of action or how the business arrived at the conclusion that the stolen data had been erased.
According to USA Today, PowerSchool is investigating the data leak in collaboration with the FBI and cybersecurity company CrowdStrike.
According to the company’s website, over 75% of students in North America use PowerSchool’s cloud-based education software, making it the leading provider of K–12 education software in the US. In 2024, PowerSchool sold to Bain Capital for $5.6 billion.
Stories by
Madison Montag