A major cybersecurity incident has struck PowerSchool, one of the largest providers of K-12 education technology software in the United States. The company recently confirmed unauthorized access to its Student Information System (SIS) platform, resulting in the theft of sensitive data belonging to students and teachers.
The breach occurred in late December 2024 when attackers used stolen credentials to infiltrate the system. The perpetrators leveraged PowerSchool's "export data manager" support tool to extract database tables containing personal information.
The stolen data includes names and postal addresses of students and teachers. For some school districts, the breach extended to more sensitive information including Social Security numbers, personal identification details, medical records, and academic grades.
PowerSchool has begun notifying affected individuals through breach notification letters. The company emphasized that not all SIS customers were impacted, with only a subset of users affected. A company spokesperson confirmed that customer support tickets, login credentials, and forum data remained secure.
While the exact number of individuals affected remains undisclosed, PowerSchool took the unusual step of paying a ransom to the attackers in exchange for deletion of the stolen data. The company stated it received "reasonable assurances" that all copies of the information have been destroyed, though it declined to reveal the ransom amount citing the sensitive nature of the investigation.
This incident reflects a growing trend where cybercriminals focus on data theft rather than system encryption, as it proves more cost-effective while achieving similar leverage for ransom demands.