Skip to main content
  1. Home
  2. Computing
  3. News

PowerSchool hack could affect millions of K-12 students

Add as a preferred source on Google
A hacker typing on an Apple MacBook laptop, which shows code on its screen.
Sora Shimazaki / Pexels

Education software giant PowerSchool suffered from a hack that might have put the sensitive data of K-12 students and teachers at risk. It’s unclear how many people were affected, but the PowerSchool Student Information System (SIS) platform contains the data of over 60 million students and 18,000 customers.

Some of the leaked data could be limited to names and addresses but some school districts may have been hit harder, with data like Social Security numbers (SSNs), personally identifiable information (PII), grades, and medical information being stolen, as reported by Bleeping Computer.

Recommended Videos

PowerSchool comments that it only became aware of the situation last month. It sent out a message to affected customers, saying, “As a main point of contact for your school district, we are reaching out to make you aware that on December 28, 2024, PowerSchool became aware of a potential cybersecurity incident involving unauthorized access to certain information through one of our community-focused customer support portals, PowerSource.”

The threat actor gained access using compromised credentials and then stole the data using an “export data manager.” The hackers used a maintenance access tool used by PowerSchool engineers for customer support and troubleshooting.

Once in, the hacker put all the data in a CSV file to steal it. However, not all data was taken since PowerSchool also told Bleeping Computer that data such as customer tickets, customer credentials, and forum data were not exposed. Also, the company says that not all PowerSchool SIS customer data is compromised, and only a subset will be notified that their data was leaked — but it’s unclear how many could potentially be affected in this cybersecurity incident.

The company is taking the situation seriously, changing all passwords and applying stronger guidelines. It also contacted cybersecurity experts, including CrowdStrike, to handle the situation. PowerSchool also worked with CyberSteward, a professional advisor with vast experience dealing with threat actors.

Although this reportedly was not a ransomware attack, PowerSchool ended up paying a ransom to prevent the data from being leaked. The threat actors gave PowerSchool logical assurances that the stolen data was erased. PowerSchool saw the data being erased on video, but there’s always a chance that it wasn’t fully erased — let’s hope that it was.

Despite the incident, PowerSchool is up and running and offers credit monitoring services to affected adults. If you want to make sure whether your school district was affected, check out the guide in this Bleeping Computer coverage.

Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
Amazon wants to design in-house chips for Kindles, Fire TV, and Echo speakers
Apple did it first. Amazon is doing it now, starting with 40 million chips a year and a partner most people have never heard of.
Amazon Kindle Scribe dark mode featured image.

Apple's decision to design its own chips reshaped the consumer electronics industry. Amazon may be about to make the same call, just about two decades later.

Supply chain analyst Ming-Chi Kuo reports that Amazon is preparing to shift away from externally sourced processors for its consumer electronics lineup, marking what he describes as the company's first major processor procurement change in 20 years. The transition is expected to begin in 2027.

Read more
AI wants to summarize it all. TripAdvisor’s misleading reviews show AI will also ruin your travel plans
Spotless, friendly, and totally wrong. AI summaries are hiding the reviews that actually matter.
Tripadvisor logo on MacBook

Planning a trip is stressful enough without wondering if the glowing hotel summary you just read was written by an AI that skipped the scary parts. As it turns out, that might be exactly what's happening on TripAdvisor.

According to an investigation by consumer group Which?, reported by the Guardian, TripAdvisor's AI-generated review summaries are smoothing over serious guest complaints, and in some cases, downright dangerous ones.

Read more
Opera’s new Paste Protect feature stops the clipboard attack your antivirus can’t catch
ClickFix attacks trick you into compromising your own device, and no major browser had a native defense against them until now.
Opera Paste Protect featured

Most online scams are easy enough to spot once you know what to look for. Fake login pages, suspicious attachments, or urgent wire transfer requests are dead giveaways. But ClickFix doesn't look like any of them. It presents itself as a solution, and it asks you to do something so routine that few people think twice about it.

The technique was behind more than 53 percent of malware loader incidents last year, according to cybersecurity firm Huntress, and no major browser had a native defense against it until now. Opera is fixing that with a new feature called Paste Protect.

Read more