PowerSchool, a major education software provider, has begun notifying individuals affected by a massive data breach that occurred in late December 2024. The company, which serves over 60 million students, confirmed the breach resulted from a cyberattack where a stolen account credential was used to access their customer support portal. This allowed attackers to exfiltrate significant amounts of sensitive student and teacher data across the U.S. and Canada. The company is currently working to determine the exact number of affected individuals, but reports suggest tens of millions of students and teachers may have been impacted.
The data breach at PowerSchool is considered one of the largest to hit the education sector recently. While the company has started legally required regulatory notifications and filed a data breach notification with Maine's attorney general, they have not released an official total count of affected individuals, citing an ongoing data review process. It is also known that the compromised account lacked multi-factor authentication, raising questions about PowerSchool’s security measures. Investigations are underway, involving CrowdStrike, to fully determine the scope and details of the breach, which is expected to provide additional information.