PowerSchool Data Breach: Victims Unite to Investigate Hack

Data Breach at PowerSchool Impacts Millions of Students
On January 7th, at 23:10 Dubai time, Romy Backus, an employee, was alerted via email that PowerSchool, a leading education technology company, had experienced a data security incident discovered on December 28th. The breach affected numerous schools using its services.
PowerSchool reported that unauthorized access was gained to a cloud-based system containing sensitive data belonging to students and educators globally. This compromised information included Social Security numbers, medical histories, academic records, and other personally identifiable details.
Scale of the Incident
As the largest provider of cloud-based education software for K-12 institutions—serving approximately 18,000 schools and over 60 million students in North America—the potential impact of this breach is considered “massive” by industry observers.
Sources within affected school districts confirmed to TechCrunch that hackers had obtained access to the complete historical data of both students and teachers stored within PowerSchool systems.
Initial Response and Information Gap
Backus, who manages the PowerSchool Student Information System (SIS) at the American School of Dubai, immediately initiated the school’s data breach protocols upon receiving the notification.
Her primary concern was to ascertain the specific data compromised at her school, as PowerSchool’s initial communication lacked detailed information. She sought clarity regarding the scope and severity of the incident.
“I needed to understand what data was exposed, when the breach occurred, and the extent of the damage,” Backus explained to TechCrunch.
However, PowerSchool was initially unable to provide the specific details required by its customers to conduct their own thorough investigations.
Community-Driven Investigation
Backus quickly discovered that other school administrators were facing the same challenges in obtaining adequate information from PowerSchool.
Communication from the company was described as “confusing and inconsistent” by one of several school workers who spoke with TechCrunch under the condition of anonymity.
While PowerSchool was commended for its swift initial alert, the lack of actionable information proved problematic.
A Collaborative Effort Emerges
In the immediate aftermath of the notification, schools began independently assessing the extent of the breach, and whether they were affected at all.
The PowerSchool customer email lists experienced a surge in activity, as Adam Larsen, Assistant Superintendent for Community Unit School District 220 in Oregon, Illinois, described to TechCrunch.
The community quickly realized they would need to rely on each other for support and information.
“We needed to act quickly and couldn’t fully depend on the information provided by PowerSchool at that time,” Larsen stated.
Backus observed a degree of panic and repeated questioning as individuals sought answers.
Sharing Knowledge and Resources
Leveraging her expertise, Backus promptly determined the compromised data at her school and began exchanging information with colleagues from other impacted institutions.
Recognizing a pattern in the breach, she compiled a comprehensive guide detailing the hackers’ IP address and providing steps for investigating the incident and identifying stolen data.
On January 8th, less than 24 hours after PowerSchool’s initial notification, Backus shared this guide via WhatsApp with a group of PowerSchool administrators in Europe and the Middle East.
Later that day, she also posted the document on the PowerSchool User Group, a popular online forum with over 5,000 members.
The Document Goes Viral
The document rapidly gained traction within the PowerSchool community, growing to nearly 2,000 words and accumulating over 2,500 views as of Friday, according to Backus, who tracked its reach using a Bit.ly link.
The document was also shared publicly on Reddit and other private groups, further expanding its audience.
Concurrently, Larsen released open-source tools and a tutorial video to assist others in assessing their systems.
Community Resilience and Systemic Issues
These efforts exemplify the collaborative spirit among school workers affected by the breach—and those who were notified but not directly impacted—who proactively supported each other.
The response was largely crowdsourced, driven by solidarity and necessity due to the perceived slow and incomplete response from PowerSchool.
Discussions and support were also exchanged in Reddit threads dedicated to K-12 systems administrators that required verification of user credentials.
Industry-Wide Challenges
Doug Levin, co-founder of the K12 Security Information eXchange (K12 SIX), noted that this type of open collaboration is common within the education sector, but the scale of the PowerSchool incident made it particularly noticeable.
“The education sector generally lacks the established cybersecurity information-sharing infrastructure found in other industries,” Levin explained.
He emphasized that schools often face understaffing in IT and a lack of specialized cybersecurity expertise, necessitating reliance on informal collaboration.
Another school worker highlighted the financial constraints that limit access to comprehensive cybersecurity resources.
PowerSchool’s Response
In a statement to TechCrunch, PowerSchool spokesperson Beth Keebler acknowledged the strong security community among its customers.
“We are grateful for our customers’ patience and sincerely thank those who stepped up to help their peers by sharing information. We will continue to do the same,” Keebler said.
Reporting contributed by Carly Page.