PowerSchool, a leading provider of student information systems for K-12 schools across the U.S., has experienced a significant data breach affecting student and teacher records. Hackers gained access to the company’s customer support portal in December, compromising current and historical data stored in school systems.
School districts have reported sensitive personal information, including Social Security numbers, addresses, and academic records was accessed.
While PowerSchool has stated that multi-factor authentication (MFA) was in place, affected districts claim the system lacked adequate protections. The company has not disclosed how many schools or districts were impacted, leaving affected communities to release details independently as investigations continue.
Why It Matters: The breach exposes vulnerabilities in the educational technology sector, which holds highly sensitive data. The long-term risks include identity theft and unauthorized access to private information. The breach also raises concerns about the length of time student and teacher records are stored and whether retention policies need stricter oversight.
- Extensive Historical Data Breached: Hackers accessed a wide range of sensitive information, including names, addresses, Social Security numbers, grade information, and even some medical details. Some school districts confirmed the breach, including data dating back to the 2009–2010 school year.
- Current and Former Students Affected: The attack wasn’t limited to active students and staff, districts reported that former student’s and employees’ records were also compromised. Some districts estimate the number of affected individuals to be as much as ten times their current student population.
- Security Failures Highlighted: Despite PowerSchool’s assertion that it uses multi-factor authentication, district officials criticized the lack of sufficient protections. Logs reportedly showed unauthorized access that began earlier than PowerSchool initially claimed.
- Districts Sound the Alarm: School districts have begun filing official breach notices and releasing information about the incident. The Rancho Santa Fe School District in California confirmed that hackers also accessed teachers’ login credentials alongside student records.
- Public Disclosures: Menlo Park City School District in California revealed that the hackers accessed all records on current and former students and staff dating back over 14 years. This confirms fears that the breach affected the core student information system storing records for years.
PowerSchool data breach exposes millions of student and teacher records – Fox News