Cybercriminals spare no industry, targeting sectors such as healthcare, insurance, automotive and education. Healthcare has been a common target, with attacks like the Ascension breach last year and the CVR incident in late 2024.

Now education technology giant PowerSchool has become the latest target as the records of millions of students and teachers have been stolen.

While the exact number of people affected is still unknown, the scale of the breach is alarming.

PowerSchool serves 18,000 customers worldwide, including schools in the United States and Canada, and manages the grading, attendance and personal information of over 60 million K-12 students and teachers.

I’m giving away the latest and greatest Airpods Pro 2

How did hackers target PowerSchool?

PowerSchool reported a cybersecurity breach to its customers on January 7, as reported by BleepingComputer. The company said it discovered the breach on December 28 after customer data was stolen from its PowerSchool SIS platform via the PowerSource support portal.

PowerSchool SIS is a student information system used to manage grades, attendance, enrollment and other student data. Hackers accessed the PowerSource portal with stolen credentials and used an “Export Data Manager” tool to steal information.

The company said it was not a ransomware attack or the result of software bugs, but a simple network breach. The company hired an outside cybersecurity firm to investigate the breach, determine what happened and determine who was affected.

UNDERSTAND BRUSH FRAUD AND HOW TO PROTECT YOURSELF

Which data was stolen?

The PowerSource portal includes a feature that allows PowerSchool engineers to access customer systems for support and troubleshooting. The attacker exploited this feature to export the PowerSchool SIS Student and Teacher database tables to a CSV file, which was then stolen.

PowerSchool confirmed that the stolen data was primarily contact information such as names and addresses. However, in some counties, the data may also include sensitive information such as Social Security numbers, personally identifiable information, medical records and grades.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

The company said no customer support tickets, login credentials and forum data were accessed or stolen during the breach. PowerSchool also emphasized that not all SIS customers were affected and believes that only a portion of customers will need to notify those affected.

“We do not expect the data to be shared or published, and we assume it was deleted without further replication or distribution,” the developer told customers in a statement.

“We have also disabled the compromised credentials and restricted all access to the affected portal. Finally, we performed a full password reset and further tightened password and access controls for all PowerSource customer support portal accounts.”

PowerSchool said affected adults will be offered free credit monitoring, while minors will receive subscriptions to an unspecified identity protection service.

MASSIVE DATA BREACH ATTENDS CYBERCRIMINALS TO THE PERSONAL DATA OF 3 MILLION AMERICANS

5 Ways to Protect Yourself from PowerSchool Data Breaches

The PowerSchool data breach highlighted the importance of remaining vigilant when handling your personal information. Here are five steps you can take to protect yourself:

1. Monitor your accounts regularly: Keep an eye on your bank accounts, credit cards and any online services linked to your personal information. Be alert for unauthorized transactions or changes to your accounts that could indicate misuse of your information.

2. Block your credit: If your Social Security number or other sensitive information has been compromised, you should consider placing a credit freeze with major credit reporting agencies such as Equifax, Experian and TransUnion. This prevents potential identity thieves from opening new accounts in your name.

3. Use identity theft protection services: Take advantage of all identity protection services PowerSchool offers as part of its breach response. These services can alert you to suspicious activity and provide assistance if your identity is stolen.

GET FOX BUSINESS ON THE GO by CLICKING HERE

One of the best aspects of some identity protection services is that they have identity theft insurance of up to $1 million to cover losses and legal fees, and a white-glove fraud prevention team that includes a U.S.-based Case manager helps you recover any losses. Check out my tips and best tips on how to protect yourself from identity theft.

4. Enable two-factor authentication (2FA): Activate wherever possible 2FA for your online accounts. This provides an additional layer of security as a second form of verification is required to access your accounts, such as: B. a text code or a token generated by the app.

5. Watch out for phishing links and use strong antivirus software: Cybercriminals often use phishing scams to exploit data breaches. Avoid clicking on suspicious links in emails or text messages, especially those that claim to be from PowerSchool or your school district.

The best way to protect yourself from malicious links is to install antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams, protecting your personal information and digital assets. Get my picks of the best antivirus winners of 2025 for your Windows, Mac, Android and iOS devices.

WINDOWS BUG ALLOWS HACKERS TO SNEAKE INTO YOUR PC VIA WiFi

Kurt’s key to take home

You can blame hackers for this breach, but PowerSchool shares responsibility for failing to adequately protect sensitive data. The company may also be violating privacy agreements it has signed with school districts and federal and state laws protecting student privacy. What’s even more concerning is that it took PowerSchool almost two weeks to notify its customers of the breach. Schools must now struggle to assess the full extent of the intervention. This delay is not only irresponsible; This puts students, parents and teachers at increased risk of cyberattacks and identity theft.

CLICK HERE TO GET THE FOX NEWS APP

Do you think companies like PowerSchool should be subject to stricter regulations when it comes to handling sensitive data? Let us know by writing to us Cyberguy.com/Contact

For more tech tips and security alerts, subscribe to my free CyberGuy Report newsletter at Cyberguy.com/Newsletter

Ask Kurt a question or tell us what stories you’d like us to cover

Follow Kurt on his social channels

Answers to the most frequently asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.