PowerSchool SIS Data Breach: What parents, students, and teachers need to know

Posted on February 7, 2025

The PowerSchool data breach, which was discovered on December 28, 2024, has turned out to be more drastic than initially reported. Hackers used stolen information to access the PowerSchool Student Information System (SIS) through its PowerSource support portal. From there, they exported and took entire “Students” and “Teachers” database tables. The breach may have impacted up to 62 million students and 9.5 million teachers, spanning both current and past records from districts that have used PowerSchool at any point.

The stolen data varies by district but includes names, addresses, and in some cases, Social Security numbers, personally identifiable information (PII), medical records, and student grades. While PowerSchool swears this was not a ransomware attack, the company admitted to paying a ransom and receiving a video showing the data supposedly being erased. However, those with cybersecurity expertise warn there is no way to guarantee the erasure was complete or that the data won’t be found.

PowerSchool has contracted CrowdStrike and other cybersecurity firms to look into the breach, rotated all customer support passwords, and implemented tougher security measures. Also, it is offering credit monitoring for affected adults and identity protection services for kids.

Schools and parents are being urged to take precautionary steps, such as monitoring their credit, enabling two-factor authentication, and staying aware of phishing attempts. Some districts have given their own guides to figure out if they were affected, and PowerSchool is expected to release a final report on the matter as soon as possible.