The U.S. education technology sector has been hit by a major cybersecurity crisis, with PowerSchool, a leading K-12 software provider, at the center of an unprecedented data breach. Serving over 18,000 schools across North America, the company revealed in January 2025 that hackers had gained unauthorized access to its systems, potentially compromising millions of student and teacher records.
A forensic analysis by CrowdStrike found that attackers had infiltrated PowerSchool’s network as early as August 2024, months before the breach was publicly disclosed. Exploiting a single compromised credential, hackers bypassed security protocols and gained access to PowerSchool SIS, the platform responsible for handling sensitive student data, including grades, attendance, and enrollment records.
Despite repeated inquiries, PowerSchool has not disclosed the full extent of the breach, leaving affected schools and parents in the dark. Investigations suggest that:
- Over 62 million student records and 9.5 million teacher accounts may have been exposed.
- Sensitive personal details, including Social Security numbers, medical records, and disciplinary reports, could be at risk.
- Some school districts claim that the breach includes historical student data spanning over 40 years.
Was a Ransom Paid?
PowerSchool has hinted that it took “appropriate steps” to prevent stolen data from being leaked. This suggests that the company may have paid a ransom, though it refuses to confirm:
- The amount paid to hackers.
- Whether the attackers deleted the stolen data.
- If the risk of further exposure remains.
Cybersecurity experts warn that paying a ransom is no guarantee that stolen data won’t resurface on the dark web.
The identity of the hacker who carried out the Data breach remains unknown. PowerSchool has acknowledged ongoing communications with the threat actor but refuses to disclose details. The company also engaged CyberSteward, a Canadian incident response firm, to negotiate with the attackers, further fueling speculation about a ransom payout.
Investigation Gaps on the Data Breach & Security Failures
PowerSchool’s response to the crisis has been criticized for its lack of transparency. Key security lapses identified include:
- No Multi-Factor Authentication (MFA) on the compromised support portal at the time of the attack.
- Weak credential security, which enabled unauthorized access.
- Insufficient logging, making it difficult to trace the full timeline of the breach.
The CrowdStrike report, released in March, failed to provide clear answers on:
- How hackers obtained the compromised credential.
- Whether this was a single-actor breach or part of a larger cyberattack.
- Why PowerSchool had inadequate safeguards despite handling vast amounts of sensitive data.
PowerSchool has started notifying affected individuals and state regulators, but the lack of transparency has left many schools and parents frustrated. Security analysts warn that if education technology providers do not significantly upgrade their cybersecurity practices, similar attacks could become more frequent.
The PowerSchool breach serves as a critical reminder that schools and edtech companies must prioritize cybersecurity to protect student data from falling into the wrong hands.
