PowerSchool, a leading provider of cloud-based education software, announced a significant data breach affecting K-12 districts across the U.S. on Tuesday.
The company, founded in 1997 and acquired by Bain Capital for $5.6 billion in 2024, serves over 60 million students and 18,000 customers globally. This incident has raised security concerns among educators and parents alike.
Read also: TymeBank and Moniepoint: The fintech champions transforming Africa’s informal markets
Details of the breach
PowerSchool revealed that hackers accessed its PowerSource customer support portal on December 28, 2024.
Using compromised credentials, they exported sensitive information from the PowerSchool SIS database, including names, addresses, and potentially Social Security numbers and grades.
A spokesperson stated, “The unauthorised party was able to use a compromised credential to access one of our community-focused customer support portals, PowerSource.”
While PowerSchool has assured that not all customers were affected, the breach still poses a risk to many. Some districts’ stolen data included personally identifiable information (PII) and medical records.
The company is working with cybersecurity experts to investigate the incident and promised transparency throughout the process.
Read also: Celsius founder Alex Mashinsky confesses to crypto fraud scheme
Community response
The breach has sparked concerns among school district officials.
Alabama State Superintendent Eric Mackey commented, “This was an international incident in which PowerSchool was hit off-site… we’re still working with PowerSchool on specifics.”
Many educators worry about the implications for student privacy and data security.
In response to the breach, PowerSchool is guiding affected customers in determining if their data was compromised.
They are also collaborating with cybersecurity firm CrowdStrike to finalise a report by January 17, 2025. The FBI is investigating the matter as well.