Breaking News

PowerSchool data breach exposes millions of student and teacher records

Photo of admin admin8 hours ago
0 0 4 minutes read


Cyber ​​criminals do not spare the industrytargeting sectors such as healthcare, insurance, automotive and education. Healthcare is a frequent target, with attacks like the Ascension breach last year and the CVR incident in late 2024.

Now, education technology giant PowerSchool has become the latest target, with data on millions of students and teachers stolen.

While the exact number of affected individuals remains unknown, the scale of the breach is alarming.

PowerSchool serves 18,000 users worldwide, including schools in the US and Canada, managing grading, attendance and personal information for more than 60 million K-12 students and teachers.

I’M GIVING AWAY THE LATEST AND BEST AIRPODS PRO 2

Children are working on their laptops (Kurt “CyberGuy” Knutsson)

How hackers attacked PowerSchool

PowerSchool disclosed the cybersecurity breach to its users on January 7, as reported BleepingComputer. The company said it discovered the breach on Dec. 28, after customer data from its PowerSchool SIS platform was stolen through the PowerSource support portal.

PowerSchool SIS is a student information system used to manage grades, attendance, enrollment and other student records. Hackers accessed the PowerSource portal using stolen credentials and used an “export data manager” tool to steal information.

The company said this was not a ransomware attack or the result of software bugs, but a simple network breach. The company hired a third-party cybersecurity firm to investigate the breach, find out what happened and determine who was affected.

Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)

UNDERSTANDING BRUSHING SCAMS AND HOW TO PROTECT YOURSELF

What data was stolen

The PowerSource portal includes a feature that allows PowerSchool engineers to access customer systems for support and troubleshooting. Attacker exploited this feature to export the PowerSchool SIS database tables “students” and “teachers” to a CSV file, which was then stolen.

PowerSchool confirmed that the data stolen primarily included contact information such as names and addresses. However, for some districts, the data may also include sensitive information such as social security numbers, personally identifiable information, medical records and grades.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

The company said that customer support tickets, credentials and forum data were not accessed or stolen during the breach. PowerSchool also emphasized that not all SIS users are affected and expects that only a subset of users will need to notify those affected.

“We do not expect the data to be shared or published and we believe it has been deleted without any further replication or dissemination,” the developer told users in a notice.

“We also deactivated the compromised credential and restricted all access to the affected portal. Finally, we performed a full password reset and further tightened password and access controls for all PowerSource customer support portal accounts.”

PowerSchool said affected adults will be offered free credit monitoring, while minors will receive a subscription to an unspecified identity protection service.

Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)

MASS DATA BREACH EXPOSED PERSONAL INFORMATION OF 3 MILLION AMERICANS TO CYBERCRIMINALS

5 ways you can protect yourself from a PowerSchool data breach

The PowerSchool data breach highlighted the importance take care of your personal data. Here are five steps you can take to protect yourself:

1. Monitor your accounts regularly: Carefully monitor your bank accounts, credit cards and any online services associated with your personal information. Be on the lookout for unauthorized transactions or changes to your accounts that could signal misuse of your information.

2. Freeze your credit: If your Social Security number or other sensitive information has been compromised, consider freezing your credit with major credit bureaus like Equifax, Experian and TransUnion. This prevents potential identity thieves from opening new accounts in your name.

3. Use identity theft protection services: Leverage all identity protection services offered by PowerSchool as part of your breach response. These services can alert you to suspicious activity and provide support if someone steals your identity.

CLICK HERE TO SET FOX BUSINESS IN CRETE

One of the best parts about some identity protection services is that they have identity theft insurance up to $1 million to cover losses and legal fees and a white glove fraud team where a US-based case manager helps you recover any losses. Check out my tips and top picks on how to protect yourself from identity theft.

4. Enable two-factor authentication (2FA): Wherever possible, enable 2FA for your online accounts. This adds an extra layer of security by requiring another form of confirmation, such as a text code or app-generated token, to access your accounts.

5. Be aware of phishing links and use powerful antivirus software: Cybercriminals often use phishing scams to exploit data breaches. Avoid clicking on suspicious links in email or text messages, especially those that claim to be from PowerSchool or your school district.

The best way to protect yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android, and iOS devices.

WINDOWS SYSTEM BREAK ALLOWS HACKERS TO GET INTO YOUR PC VIA WI-FI

Kurt’s key to the outside

You can blame hackers for this breach, but PowerSchool shares responsibility for failing to adequately protect sensitive data. The company may also violate data privacy agreements it has signed with school districts, as well as federal and state laws designed to protect student privacy. What’s even more troubling is that it took almost two weeks for PowerSchool to notify its customers of the breach. Schools are now scrambling to assess the full extent of the intrusion. This delay is not only irresponsible; exposes students, parents and teachers to an increased risk of cyber-attacks and identity theft.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Do you think companies like PowerSchool should face stricter regulations for handling sensitive data? Let us know by writing to us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter by going to Cyberguy.com/Newsletter

Ask Kurt a question or tell us what stories you want us to cover

Follow Kurt on his social channels

Answers to the most frequently asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and the gadgets that make life better in his contributions to Fox News & FOX Business since morning on “FOX & Friends.” Have a technical question? Get Kurt’s free CyberGuy newsletter, share your voice, story idea or comment on CyberGuy.com.



Source link

Photo of admin admin8 hours ago
0 0 4 minutes read
Photo of admin

admin

Related Articles

Guantanamo: 11 Yemeni men sent to Oman after two decades without charges

2 days ago

The rebels easily defeated the Syrian army. Their challenge now: rebuilding.

2 weeks ago

Drug dealers could be charged with murder under Virginia’s new fentanyl plan

4 days ago

A college class questions whether black and white women can be friends

6 days ago

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button