PowerSchool, a cloud-based platform for K-12 schools, recently disclosed a data breach that impacted some of its clients, including at least one district in Kansas. The breach involved unauthorized access to student and teacher data through a customer support portal, where the intruder used compromised credentials. The exposed data primarily included contact information such as names and addresses, but did not contain financial details, social security numbers, or photographs. PowerSchool confirmed no other products were affected.
On December 28, 2024, PowerSchool discovered the breach and immediately engaged cybersecurity experts, informed law enforcement, and isolated the incident to the PowerSource portal. No further unauthorized activity or malware was found. PowerSchool deactivated the compromised credentials, reset passwords, and enhanced security controls to prevent future incidents.
The company has taken steps to secure the data, which it believes has been deleted without further distribution. While no harm has been reported, affected adults will receive credit monitoring, and minors will receive identity protection services. PowerSchool is preparing communication packages and offering webinars for stakeholders to address concerns.