Cybercriminals relentlessly attack all industries, targeting sectors such as healthcare, insurance, automotive, and education. Healthcare is a frequent target, with attacks such as the Ascension breach last year and the CVR incident in late 2024.
Now, education technology giant PowerSchool is the latest target, with millions of student and teacher records stolen.
Although the exact number of people affected is unknown, the scale of the breach is alarming.
PowerSchool serves 18,000 customers around the world, including schools in the United States and Canada, and manages performance, attendance, and personal information for more than 60 million K-12 students and teachers.
We’re giving away the latest and greatest Airpods Pro 2
children working on laptop (Kurt “Cyber Guy” Knutson)
How hackers targeted PowerSchool
PowerSchool disclosed the cybersecurity breach to customers on January 7th. peepee computer. The company said it discovered the breach on Dec. 28 after customer data on its PowerSchool SIS platform was stolen through the PowerSource support portal.
PowerSchool SIS is a student information system used to manage grades, attendance, registration, and other student records. The hackers used the stolen credentials to access the PowerSource portal and used the “Export Data Manager” tool to steal information.
The company said this was not a ransomware attack or software flaw, but a simple network intrusion. The company hired a third-party cybersecurity firm to investigate the breach, uncover what happened, and identify who was affected.
Illustration of a hacker at work (Kurt “Cyber Guy” Knutson)
Understanding brushing scams and how to protect yourself
What data was stolen?
The PowerSource portal includes functionality that allows PowerSchool engineers to access customer systems for support and troubleshooting. An attacker exploited this feature to export the PowerSchool SIS “Student” and “Teacher” database tables to a CSV file, which was then stolen.
PowerSchool confirmed that the stolen data primarily included contact details such as names and addresses. However, for some school districts, the data may also include sensitive information such as social security numbers, personally identifiable information, medical records, and grades.
What is artificial intelligence (AI)?
The company said no customer support tickets, credentials or forum data were accessed or stolen during the breach. PowerSchool also emphasized that not all SIS customers are affected and that it expects only some will need to notify affected customers.
“We do not expect the data to be shared or published and believe it has been deleted with no further reproduction or distribution,” the developer told customers in a notice.
“We have also deactivated the compromised credentials and restricted all access to the affected portals. Finally, we have implemented a complete password reset and password and access for all PowerSource Customer Support Portal accounts. We have further strengthened our controls.”
Power School said affected adults will be offered free credit monitoring, while minors will be offered enrollment in unspecified privacy services.
Illustration of a hacker at work (Kurt “Cyber Guy” Knutson)
Massive data breach exposes 3 million Americans’ personal information to cybercriminals
5 ways to stay safe from a PowerSchool data breach
The PowerSchool data breach highlights the importance of remaining vigilant about personal information. Here are five steps you can take to protect yourself.
1. Monitor your account regularly. Carefully monitor online services associated with your bank accounts, credit cards, and personal information. Be on the lookout for unauthorized transactions or account changes that may indicate data misuse.
2. Freeze your credit. If your Social Security number or other sensitive information has been compromised, consider placing a credit freeze with a major credit bureau such as Equifax, Experian, or TransUnion. This prevents identity thieves from opening new accounts in your name.
3. Use an identity theft protection service. Take advantage of the identity protection services PowerSchool offers as part of your breach response. These services alert you to suspicious activity and provide support if your personal information is stolen.
CLICK HERE TO GET FOX BUSINESS ON THE GO
One of the great things about some identity protection services is identity theft insurance of up to $1 million to cover your losses and legal costs, as well as white gloves from a US-based case manager to help you recover your losses. We have a fraud resolution team. Check out our tips and recommendations on how to protect yourself from identity theft.
4. Enable two-factor authentication (2FA). Please enable it whenever possible 2FA For online accounts. This adds an additional layer of security by requiring a second form of verification, such as a text code or app-generated token, to access your account.
5. Be wary of phishing links and use strong antivirus software. Cybercriminals often use phishing scams to exploit data breaches. Don’t click on suspicious links in emails or text messages, especially those that claim to be from PowerSchool or the school district.
The best way to protect yourself from malicious links is to install antivirus software on all your devices. This protection also warns you about phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best antivirus protection products of 2025 for Windows, Mac, Android, and iOS devices.
A flaw in Windows could allow hackers to break into your PC via Wi-Fi
Cart important points
While you can blame hackers for this breach, PowerSchool is also responsible for failing to adequately protect sensitive data. The company may also be violating data privacy agreements with school districts, as well as federal and state laws designed to protect student privacy. Even more concerning is that it took PowerSchool nearly two weeks to notify customers about the breach. The school is currently scrambling to investigate the full extent of the break-in. This delay is not just irresponsible. Students, parents, and teachers are at increased risk of cyberattacks and identity theft.
CLICK HERE TO GET THE FOX NEWS APP
Do you think companies like PowerSchool should face stricter regulations for handling sensitive data? Email us. Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter using the link below. Cyberguy.com/Newsletter
Ask your cart a question or let us know your story you’d like us to feature
Follow Cart’s Social Channels
Answers to CyberGuy frequently asked questions:
New from cart:
Copyright 2025 CyberGuy.com. Unauthorized reproduction is prohibited.
