PowerSchool hack keeps getting worse - 62 million students now thought to be affected

(Image credit: Shutterstock / binarydesign)

New PowerSchool data, allegedly found in the ransom demand, now puts the number of affected students at 62 million
More than nine million teachers also affected
The victims are located in the US, Canada, and elsewhere

The PowerSchool hack seems to have been much worse than originally believed, as new reports now claim more than 62 million students, and nine million teachers, were actually affected by the attack.

In late December 2024, an unidentified threat actor used stolen credentials to access its PowerSchool Student Information System (SIS) platform. From there, they were able to use the “export data manager" customer support tool to exfiltrate “Students” and “Teachers” database tables to a CSV file, which was then stolen.

The information grabbed in this attack included names, and postal addresses, and in some districts, the threat actors also obtained Social Security numbers (SSN), personally identifiable information (PII), medical information, and grades.

Ongoing investigation

It has since been reported the attackers stole the personal data of 62,488,628 students and 9,506,624 teachers, citing both the attacker, and multiple other sources. In total, it was said, 6,505 school districts in the US, Canada, and other countries, were affected. The numbers are allegedly coming from the extortion demand sent to the breached company.

Toronto District School Board, Peel District School Board, and Dallas Independent School District seem to be most impacted.

PowerSchool did not want to comment on the new findings, it was said, especially since its investigation is still ongoing. However, the company did tell the publication that the type of exposed data varies per district. This is because school districts decide what information they will store in the SIS database, based on district, or State policy requirements.

“For this reason, it is expected that less than a quarter of impacted students had their Social Security Number exposed in the breach,” BleepingComputer said, citing the company.

“We care deeply about the students, teachers, and families we serve and are wholeheartedly committed to supporting them. PowerSchool will be offering two years of complimentary identity protection services and two years of complimentary credit monitoring services for all applicable students and educators whose information was involved,” the company told BleepingComputer in a written statement.

Via BleepingComputer

Hackers are abusing Zendesk to run brand impersonation scams
Here's a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.