Massive Data Breach Exposes Sensitive Information of Millions of Students and School Personnel
Parents, students, teachers, and administrators throughout North America are reeling from what could be the biggest data breach of 2025: an intrusion into the network of a cloud-based service storing detailed data of millions of pupils and school personnel.
PowerSchool Hack Exposes Sensitive Information
The hack, which came to light earlier this month, hit PowerSchool, a Folsom, California, firm that provides cloud-based software to some 16,000 K–12 schools worldwide. The schools serve 60 million students and employ an unknown number of teachers. Besides providing software for administration, grades, and other functions, PowerSchool stores personal data for students and teachers, with much of that data including Social Security numbers, medical information, and home addresses.
Stolen Information Includes Social Security Numbers and Medical Information
On January 7, PowerSchool revealed that it had experienced a network intrusion two weeks earlier that resulted in the “unauthorized exportation of personal information” customers stored in PowerSchool’s Student Information System (SIS) through PowerSource, a customer support portal. Information stolen included individuals’ names, contact information, dates of birth, medical alert information, Social Security Numbers, and unspecified “other related information.”
Fallout Across North America
Since then, schools throughout the US and Canada have reported the devastating fallout. On Monday, for instance, the Toronto District School Board notified parents, students, and former students that the breach exposed sensitive information of all students in the district between 1985 and 2024. Data stolen varied by the years students were enrolled, but the stolen info included:
- First, middle, and last names
- Date of birth
- Gender
- Health card number
- Grade level and school information
- Start/end date as a student
- Ontario Education Number
- EQAO accommodation information
- Medical information (i.e., allergies, conditions, injuries)
- Home addresses
- Home phone numbers
- TDSB student number
- TDSB email address
- First Nations, Métis, and Inuit information
- Residency status
- Principal/vice principal notes (including discipline notes)
Conclusion
The PowerSchool data breach is a stark reminder of the importance of data security and the potential consequences of a network intrusion. As the investigation into the breach continues, it is essential for schools and parents to remain vigilant and take steps to protect sensitive information.
FAQs
Q: What was the extent of the data breach?
A: The breach exposed sensitive information of millions of students and school personnel, including Social Security numbers, medical information, and home addresses.
Q: Which schools were affected?
A: The breach affected schools in the US and Canada, with the Toronto District School Board being one of the most recent victims.
Q: What is being done to mitigate the damage?
A: PowerSchool has notified affected schools and parents, and is working to identify and contain the breach. The company is also providing resources and support to affected individuals.
Q: What can I do to protect my personal information?
A: It is essential to remain vigilant and take steps to protect your personal information. Monitor your credit reports, and consider placing a freeze on your credit reports to prevent unauthorized access. Additionally, be cautious of phishing scams and other attempts to steal your personal information.
