Cybercriminals spare no industry, targeting sectors like health care, insurance, automotive and education. Health care has been a frequent target, with attacks like the Ascension breach last year and the CVR incident in late 2024.
Now, education technology giant PowerSchool has become the latest target, with records of millions of students and teachers stolen.
While the exact number of affected individuals remains unknown, the scale of the breach is alarming.
PowerSchool serves 18,000 customers worldwide, including schools in the U.S. and Canada, managing grading, attendance and personal information for over 60 million K-12 students and teachers.
I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2
Kids working on their laptops (Kurt “CyberGuy” Knutsson)
How did hackers target PowerSchool
PowerSchool revealed a cybersecurity breach to its customers Jan. 7, as reported by BleepingComputer. The company said it discovered the breach Dec. 28, after customer data from its PowerSchool SIS platform was stolen through the PowerSource support portal.
PowerSchool SIS is a student information system used for managing grades, attendance, enrollment and other student records. Hackers accessed the PowerSource portal using stolen credentials and used an “export data manager” tool to steal information.
The company said this wasn’t a ransomware attack or a result of software flaws, but rather a straightforward network break-in. The company has hired a third-party cybersecurity firm to investigate the breach, figure out what happened and determine who was affected.
Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)
UNDERSTANDING BRUSHING SCAMS AND HOW TO PROTECT YOURSELF
What data got stolen
The PowerSource portal includes a feature that allows PowerSchool engineers to access customer systems for support and troubleshooting. The attacker exploited this feature to export the PowerSchool SIS “students” and “teachers” database tables to a CSV file, which was then stolen.
PowerSchool confirmed the stolen data primarily includes contact details like names and addresses. However, for some districts, the data may also include sensitive information such as Social Security numbers, personally identifiable information, medical records and grades.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
The company said customer support tickets, credentials and forum data were not accessed or stolen during the breach. PowerSchool also emphasized that not all SIS customers were affected and expects only a subset of customers will need to notify those affected.
“We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination,” the developer told customers in a notice.
“We have also deactivated the compromised credential and restricted all access to the affected portal. Lastly, we have conducted a full password reset and further tightened password and access control for all PowerSource customer support portal accounts.”
PowerSchool said affected adults will be offered free credit monitoring, while minors will receive subscriptions to an unspecified identity protection service.
Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)
MASSIVE DATA BREACH EXPOSES 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS
5 ways you can stay safe from PowerSchool data breach
The PowerSchool data breach has highlighted the importance of staying vigilant about your personal information. Here are five steps you can take to protect yourself:
1. Monitor your accounts regularly: Keep a close eye on your bank accounts, credit cards and any online services linked to your personal information. Watch for unauthorized transactions or changes to your accounts that could signal misuse of your data.
2. Freeze your credit: If your Social Security number or other sensitive details were compromised, consider placing a credit freeze with major credit bureaus like Equifax, Experian and TransUnion. This prevents potential identity thieves from opening new accounts in your name.
3. Use identity theft protection services: Take advantage of any identity protection services offered by PowerSchool as part of its breach response. These services can alert you to suspicious activity and provide support if your identity is stolen.
GET FOX BUSINESS ON THE GO BY CLICKING HERE
One of the best parts of some identity protection services is that they have identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.
4. Enable two-factor authentication (2FA): Wherever possible, enable 2FA for your online accounts. This adds an extra layer of security by requiring a second form of verification, such as a text code or app-generated token, to access your accounts.
5. Be aware of phishing links and use strong antivirus software: Cybercriminals often use phishing scams to exploit data breaches. Avoid clicking on suspicious links in emails or text messages, especially those claiming to be from PowerSchool or your school district.
The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
WINDOWS FLAW LETS HACKERS SNEAK INTO YOUR PC OVER WI-FI
Kurt’s key takeaway
You can blame hackers for this breach, but PowerSchool shares the responsibility for failing to adequately protect sensitive data. The company may also be in violation of data privacy agreements it signed with school districts, as well as federal and state laws designed to safeguard student privacy. What’s more concerning is that PowerSchool took nearly two weeks to notify its customers about the breach. Schools are now left scrambling to assess the full extent of the intrusion. This delay is not just irresponsible; it puts students, parents and teachers at heightened risk of cyberattacks and identity theft.
CLICK HERE TO GET THE FOX NEWS APP
Do you think companies like PowerSchool should face stricter regulations for handling sensitive data? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
