The PowerSchool Hack Could Have Compromised the Data of More Than 70 Million Users
Major data breaches and cybersecurity threats are now a reality, resulting in the exposure of our personal information at some point. One of the latest significant breaches involves data from PowerSchool, a software provider for thousands of K–12 school districts in the United States and Canada. The incident affected millions of users.
What happened during the PowerSchool hack
According to reports , on December 28, 2024, PowerSchool discovered that personal information had been stolen from its customer support platform. Hackers used compromised credentials to log into and export from the Students and Teachers database.
BleepingComputer reports that the hack may have compromised the personal information of 62.4 million students and 9.5 million teachers in 6,505 school districts. The stolen data includes contact information (such as names and addresses), as well as dates of birth, Social Security numbers, medical information and evaluations, although details vary depending on the affected areas. PowerSchool estimates that less than 25% of people have had their Social Security numbers stolen.
While the incident was not a ransomware attack, PowerSchool said the company paid the hackers to prevent the compromised data from being published. The company began notifying affected customers on January 7, 2025.
What can you do if your data has been stolen?
As I wrote earlier , you cannot return information that has been leaked. used in a malicious manner. This includes monitoring your credit report and confidential accounts for unfamiliar or fraudulent activity, and considering credit monitoring and identity protection services that will notify you of anything suspicious.
For those affected by this recent hack, PowerSchool is offering two years of identity protection services to all students and teachers (regardless of whether your Social Security number was compromised) through Experian. The company will also provide two-year credit monitoring for individuals over 18 years of age. According to the Jan. 17 incident report , PowerSchool and Experian will be contacting customers, including parents and guardians of students under 18, in the coming weeks about setting up these services.
Of course, you should also follow other basic security guidelines: don’t click on strange links or engage in communications asking for your personal information. When in doubt, hang up, delete the text, or mark the email as spam and contact the company directly to confirm any requests. (Please note that PowerSchool will not contact you directly by phone or email to request or confirm your personal information.)