In today’s digital landscape, significant cybersecurity incidents and data leaks are an unfortunate reality, frequently resulting in the exposure of personal information. A notable recent occurrence pertains to PowerSchool, a prominent software company servicing numerous K–12 educational districts across the United States and Canada. This breach impacted millions of users, raising significant concerns about data privacy.

Details of the PowerSchool Incident

As highlighted by various news sources, the breach came to light on December 28, 2024, when PowerSchool determined that sensitive data had been compromised from its support platform. Cybercriminals utilized stolen credentials to access and extract information from the databases encompassing “Students” and “Teachers.”

Reports from BleepingComputer indicate that the breach potentially affected the personal details of approximately 62.4 million students and 9.5 million teachers across approximately 6,505 school districts. The information accessed by attackers includes critical data such as names, addresses, birth dates, Social Security numbers, health records, and academic performance, although the extent of the stolen data varies by district. PowerSchool estimates that less than 25% of those affected had their Social Security numbers taken.

Despite not being categorized as a ransomware incident, PowerSchool disclosed that it made a payment to the hackers to stop the disseminating of the stolen information. Notifications to those affected commenced on January 7, 2025.

Steps to Take if Your Information Was Compromised

Addressing a data breach is challenging; once information is leaked, it cannot be retrieved. Given the high likelihood that personal data has been exposed at some point, vigilance is critical. Monitoring credit reports and sensitive accounts for unauthorized transactions is essential. Considering credit monitoring services and identity theft protection can also be beneficial, as they offer alerts for suspicious activities.

For those affected by this data breach, PowerSchool is providing two years of identity protection through Experian for all students and teachers, irrespective of whether their Social Security number was breached. Additionally, individuals over 18 will receive two years of credit monitoring. An update on January 17 indicated that both PowerSchool and Experian would reach out to customers—parental figures included—for guidance on utilizing these services in the upcoming weeks.

Additionally, adhering to basic cybersecurity practices is vital: Avoid clicking on unfamiliar links or responding to messages requesting personal details. If there’s any uncertainty, it’s advisable to terminate the call, discard the text, flag any emails as spam, and directly contact the institution to verify any requests. Remember that PowerSchool will never reach out directly via phone or email to request personal information.