PowerSchool Breach: Hackers Steal All Historical Data

A recent cyberattack on PowerSchool, a major player in educational technology, has left many U.S. school districts reeling. Reports indicate that hackers accessed “all” historical data related to students and teachers stored in PowerSchool’s systems, raising serious concerns about the security of sensitive information.

PowerSchool’s software supports more than 50 million students across the United States. The breach occurred in December 2024 when attackers compromised the company’s customer support portal using stolen credentials. This intrusion allowed them to access a vast amount of personal data belonging to both current and former students and teachers in K-12 schools.

While PowerSchool has not publicly disclosed how many districts were affected, sources from impacted school districts have shared alarming details. One representative stated, “In our case, I just confirmed that they got all historical student and teacher data.” Another source from a district with nearly 9,000 students reported that the attackers accessed demographic data for all teachers and students, both active and historical, as long as they had been using PowerSchool.

Concerns about PowerSchool’s security measures have also been raised. When asked about their protocols, a spokesperson did not dispute the accounts from affected districts but declined to provide details about their security controls. They mentioned that PowerSchool does use multi-factor authentication (MFA) but did not elaborate on its implementation across their systems. The lack of basic protections has many questioning how such sensitive data could be so easily accessed.

Several school districts have begun to inform their communities about how the breach is affecting their students and staff. For instance, Menlo Park City School District confirmed that hackers accessed data on all current students and staff, as well as historical records dating back to the 2009-2010 school year.

Mark Racine, CEO of the education technology consulting firm RootED Solutions, noted that this breach could also impact school districts that are former customers of PowerSchool. He suggested that the scale of the breach might extend beyond PowerSchool's 18,000 current educational customers. Some districts have reported that the number of affected students could be four to ten times higher than their actively enrolled figures.

According to a PowerSchool FAQ shared with customers last week, the stolen data includes names, addresses, Social Security numbers, some medical information, grade information, and other personally identifiable information belonging to students and teachers. The Rancho Santa Fe School District in California was one of the first to file its own data breach notice with state regulators and confirmed that attackers accessed teachers’ credentials for accessing PowerSchool.

PowerSchool has stated that it is working to identify specific individuals whose data may have been compromised. While they have taken steps to prevent the stolen data from being published—claiming it has been deleted without further dissemination—details on these measures remain vague.

As this situation continues to develop, it’s vital for schools and parents to stay informed about how this breach might affect them and what steps are being taken to secure sensitive educational data in the future.