PowerSchool SIS Breach Exposed Student and Staff Data
PowerSchool disclosed a security incident affecting its Student Information System (SIS), a platform widely used by K-12 school districts to manage student records, enrollment, attendance, grades, and related administrative data. Reporting on the breach indicates attackers accessed sensitive information stored in SIS environments, with exposed data potentially including student and staff names, contact details, dates of birth, Social Security numbers, medical information, and other school records, depending on the district.
The incident raised broad concern across the education sector because a compromise of a centralized SIS provider can affect many districts at once and expose minors' data alongside employee information. Public coverage and PowerSchool's incident communications indicate the company moved to investigate and notify affected customers, while schools and families were urged to review breach notices, monitor for identity theft, and assess the long-term privacy impact of the exposure of highly sensitive educational records.
Timeline
Aug 1, 2025
PowerSchool posts updated incident information
PowerSchool published an updated SIS incident notice summarizing the breach, response actions, and support resources for affected customers. The update served as an official status page for the ongoing incident response.
Jan 8, 2025
PowerSchool offers mitigation and identity protection services
Following disclosure, PowerSchool offered affected individuals and districts credit monitoring or identity protection support and published guidance for customers. The company also continued outreach to impacted schools and families as part of its remediation efforts.
Jan 7, 2025
PowerSchool publicly discloses the SIS data breach
In early January 2025, PowerSchool publicly acknowledged the incident and informed customers that personal information belonging to students and educators had been accessed. Reporting described the breach as affecting numerous school districts across the United States and Canada.
Dec 28, 2024
PowerSchool detects the intrusion and begins response
PowerSchool identified the unauthorized activity in late December 2024, terminated the access, engaged cybersecurity responders, and began notifying affected customers and authorities. The company also stated it took steps to secure the environment and investigate the scope of the breach.
Dec 1, 2024
Threat actor accesses PowerSchool SIS support platform
PowerSchool said a threat actor gained unauthorized access to its PowerSource customer support portal using compromised credentials and used a maintenance tool to access customer data from Student Information System environments. The incident affected school districts using PowerSchool SIS and exposed student and staff information.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
Canadian School Systems Faulted in PowerSchool Data Breach
Canadian privacy regulators released investigative reports attributing significant responsibility for the PowerSchool data breach to the school systems that used the platform. The breach, which occurred in December, exposed personal information of over 62 million students and 9 million teachers, with data in some cases dating back to 1985. The reports highlighted that the affected schools failed to include adequate privacy and security provisions in their contracts with PowerSchool, did not effectively monitor the company's security safeguards, and lacked proper breach response protocols. Additionally, the lack of multifactor authentication and insufficient limitations on remote access for PowerSchool support personnel were cited as key security lapses. The Ontario and Alberta information and privacy commissioners recommended that schools renegotiate contracts to strengthen privacy and security requirements, implement better oversight of third-party vendors, and establish more robust breach response plans. The incident underscores the importance of comprehensive vendor management and the need for educational institutions to enforce standard security practices, such as multifactor authentication, to protect sensitive student and staff data.
1 months ago
Infinite Campus says Salesforce account breach exposed school staff contact data
Infinite Campus, a major U.S. K-12 student information system provider, disclosed a security incident after a threat actor accessed an employee’s **Salesforce** account used for internal case management and ticketing and then attempted to extort the company. The company said the intrusion did **not** reach its student information system or customer databases, and that the data believed exposed was limited mainly to school staff names and contact details, much of it already publicly available. Threat actor **ShinyHunters** claimed responsibility, added Infinite Campus to its leak site, and threatened to publish allegedly stolen Salesforce records and internal corporate data if the company did not negotiate. Infinite Campus said it disabled the compromised account, began reviewing potentially affected Salesforce data for sensitive information that may have appeared in support tickets, and is notifying districts directly if further issues are identified. As a precaution, it also disabled some customer-facing services for organizations without IP restrictions while restoration work continued. The incident drew attention across the K-12 sector, with the North Carolina Department of Public Instruction saying it was in direct contact with the company and had not confirmed any impact to the state’s system, while Infinite Campus maintained that **no student data was breached**.
1 months ago
Healthcare Sector Data Breaches Involving Unauthorized Email and System Access
Wilbarger General Hospital in Texas and Excellent Home Care Services in New York both reported data breaches involving unauthorized access to employee email accounts. In both cases, investigations revealed that sensitive patient information, including protected health information and, in some cases, Social Security numbers and medical details, may have been accessed or copied by unauthorized parties. Both organizations have notified affected individuals and are offering guidance or identity monitoring services, though the total number of impacted patients has not yet been disclosed. Separately, the Louisiana Office of Student Financial Assistance (LOSFA) notified students of a data security incident involving unauthorized access to certain systems and the removal of files containing names and Social Security numbers. The incident did not affect the START Saving Program or 529 accounts. LOSFA is continuing its investigation and has issued public statements to inform those potentially affected.
1 months ago