PowerSchool starts sending breach notifications, but there are still questions left to answer

Education software platform PowerSchool has started sending breach notifications to victims of a December 2024 cyberattack, but has yet to share how many people were affected or what exactly happened, reports BleepingComputer. PowerSchool, which has has more than 18,000 customers worldwide and serves over 60 million students, suffered a breach on December 28th that may have exposed personal data like names, addresses, Social Security numbers, medical information, and grades. In an update published on its website, PowerSchool says it has started notifying individuals in the US, Canada, and abroad affected by the security incident, including educators, current and former students, and parents and guardians as applicable. PowerSchool says it will offer affected students and educators complimentary identity theft protection services and two years of credit monitoring for adults. “PowerSchool began the process of filing regulatory notifications with Attorneys General Offices across applicable US jurisdictions on behalf of impacted customers who have not opted-out of our offer to do so,” the company wrote on its site. PowerSchool added it’s also starting to notify Canadian regulators and will send a separate update to international customers later in the week. PowerSchool has yet to release a detailed report disclosing what exactly happened or how many people have been affected. A breach notification posted on the Maine’s Attorney General’s office website reveals that 33,488 people were impacted in Maine. The full scale of the breach could be much larger; attackers claimed in their extortion demand that they stole sensitive data from 62,488,628 students and 9,506,624 teachers, BleepingComputer reported.