PowerSchool, a leading U.S. edtech company, has begun notifying individuals impacted by a significant data breach that occurred in December 2024. The breach likely affects millions of students and teachers across North America, as hackers gained access to the company’s customer support portal using a stolen account credential. This breach exposed sensitive personal data, including that of more than 62 million students and 9.5 million teachers. PowerSchool confirmed that the compromised account lacked multi-factor authentication, which could have prevented unauthorized access.
As part of the legal requirements, PowerSchool has already filed breach notifications with various state authorities, including Maine’s attorney general, where over 33,000 residents have been confirmed as affected.
The company is still reviewing the full extent of the breach and has yet to disclose an exact number of individuals impacted. PowerSchool’s data review process has been complicated by the need for cooperation with on-premises customers, leading to uncertainty about the final count and the specifics of the data stolen.
The breach has led to significant concerns among affected school districts, which have had to collaborate to understand the scope and impact of the incident. Sensitive data, including parental access rights, medical information, and historical student records, were reportedly compromised. Among the worst-hit entities is the Toronto District School Board (TDSB), where nearly 1.5 million student records were accessed. Other districts, including the Calgary Board of Education and West Ada School District in Idaho, have also confirmed data theft.
While PowerSchool is continuing to investigate and provide updates to state attorneys general, many details remain unclear. The company has not confirmed whether a ransom was paid or provided any information regarding the perpetrators. Affected school districts are notifying individuals whose personal information was exposed, including sensitive data related to students’ health, grades, and legal status. PowerSchool is facing growing scrutiny over the breach, and many affected school districts are working independently to assess the full extent of the damage.
