(Newsnation) – A leading company in the field of educational technologies was the target of a data security flaw last month, potentially exhibiting sensitive data from millions of students and teachers, in particular social security numbers and medical information.
Powerschool, the largest educational software supplier based on the cloud for primary and secondary education in the country, informed the schools of the incident at the beginning of the month, but the extent of the cyber attack is still visible.
A new Bleeping Composting report, an information media on cybersecurity, indicates that the data violation received more than 62 million students and more than 9.5 million teachers in 6,500 school districts.
Powerschool hacking exposes data from Indiana students
These figures would come from an extortion request sent by the IT pirate to the company.
A Powerschool spokesperson has neither confirmed nor reinforces the figures in an email sent to Newsnation, but the company’s website indicates that it supports more than 60 million students worldwide.
Here is what we know about the PowerSchool data violation and what information has been exposed.
What happened?
Powerschool said that he had read the violation for the first time on December 28 after the flight of customer data of his information system on Powerschool students (SIS) via his Powersource assistance portal.
Powerschool SIS is an information system on students that schools and districts use to manage the notes, follow the attendance, registration and other students’ files.
The pirates have accessed the portal using compromised identification information and stole the data using an “export data manager,” said BleepingCompute.
Cyberattacks are expensive and can be fatal: cybersecurity expert
Powerschool would have paid a ransom to prevent private flight from stolen data and would have seen a video of the computer pirate claiming to delete the data.
A company spokesman did not specify if she had paid a ransom, but the main districts affected by the violation said that he had been informed that all the downloaded data had been destroyed.
The company revealed the incident to its customers on January 7 and said that the districts and schools that do not use Powerschool SIS were not affected.
What information was exposed?
Stolen data mainly contains contact information such as names, addresses and birth dates. However, it could also include more sensitive information such as social security numbers and “limited medical alert information”, according to Powerschool.
A company spokesperson said in Newsnation that most of the individuals, more than three-quarters, did not have a social security number exposed during the violation.
The type of data on display varies according to the district due to the various state and district policies, but there is no evidence that credit card or banking information has been involved, said Powerschool.
Some districts have revealed what data had been stolen. In Lake Forest, Illinois, two districts declared in a public opinion that the following information on the students had been consulted:
-
Student name and identification number
-
Parent contact details/legal guardian
-
Registration dates and withdrawal reasons
-
Doctor’s name and phone number
-
Limited medical alert information (for example, allergies)
-
Existence of an IEP or 504, no details on the plan or information on eligibility
-
Student school and main class
The staff also had information such as their names, the most recent email addresses in the department and the school, the districts said.
In total, around 20,000 students and staff members, current and former, were consulted between the two districts. However, sensitive data such as social security numbers and insurance information has not been compromised.
Teachers from other regions of the country were not so lucky.
In North Carolina, around 312,000 social security numbers were exposed during this violation, according to Wral News.
Who was the data stolen from?
The company did not want to say how many districts and schools were involved in the violation when Newsnation asked him.
BleepingCompute reported Wednesday that data violation affected 62,488,628 students and 9,506,624 teachers in more than 6,500 school districts in the United States, Canada and other countries.
Powerschool has not confirmed these figures, but they agree with the affirmations published on the company’s website.
Powerschool says its software is used by more than 18,000 customers to support more than 60 million students worldwide. According to Techcrunch, the company serves more than 75 % of students in North America.
In some places, such as the Memphis-Shelby school district in Tennessee, a Powerschool account is required to register, according to Fox13 Memphis.
“We have no choice,” said a parent. “If this information can be disclosed, it’s serious.”
Today, the school district is among the most affected, with more than 485,000 students and 54,000 information on the teachers on display, reported BleepingCompute.
The unified school district of San Diego, the second largest school district in California, also informed families that the data of its students had been trapped by the violation.
In Texas, the independent school district of Dallas published an opinion earlier this month indicating that it was affected by the incident.
Among the other major districts affected are the schools of Charlotte-Mecklenburg and the Public School School of Wake County (WCPSS) in North Carolina.
The WCPSS said that the potentially concerned data include the social security numbers of certain employees as well as their postal addresses and other personal information. The school system said that no students’ social security number had been consulted, but that their names, birth dates and postal addresses could be.
What do we do about it?
The company does not think that there is a permanent risk and said that there was no evidence of malicious software or a “continuous unauthorized activity”.
Powerschool said that she was still working to finish her investigation and set up a system to provide resources to those who may have been affected.
Parents and tutors whose pupils’ data has been exhibited will receive a Powerschool notification email “in the coming weeks,” said the company.
Powerschool indicates that it will also offer 2 years of free identity protection and credit monitoring services to all the students and educators concerned.
“We are committed to learning the lessons from this incident, to become stronger and more resilient as a business after having lived it – and, more importantly, we are committed to serving our customers and our common communities,” said Declared a company spokesperson in an email.
You can monitor updates and learn more about the incident on the public website set up by Powerschool.
Copyright 2025 Nexstar Media, Inc. All rights reserved. This material cannot be published, broadcast, rewritten or redistributed.
For the latest news, weather, sports and streaming videos, go to The Hill.
