Hackers stole personal information belonging to tens of millions of kids from PowerSchool in a data breach. PowerSchool is a California-based company claiming to be a leading provider of cloud-based software used by educational institutions such as K-12 schools. The company learned about the vulnerability on Dec 28th, 2024, and patched it immediately. There is no information on how long the hackers have had access to the PowerSchool servers. However, even though the exact timeframe is not clear yet, it has been confirmed that the hackers have the records of 62.4 million students and approximately 9.5 million teachers. 

The stolen data includes sensitive information such as names, addresses, contact information. It also contains other delicate information, including Social Security Numbers (SSN) and medical records. The affected people are mainly from school districts in the USA and Canada. Some of the districts hacked by the online criminals are San Diego Unified and Toronto District School Board. It is currently unknown who is behind the attack, and cyber security experts are still assessing the exact parameters of the breach. 

You may be interested: Cybercrime in 2025: What to look out for

In a statement to Bleeping Computer, a PowerSchool representative said that most of the stolen credentials did not include their social security numbers in the breach. They said that just one-quarter had their SSNs included in stolen files. While this makes things a bit better, more than 15 million people’s SSNs are still in the hands of criminals. Cybercriminals could potentially sell their personal information on the dark web for years to come.

PowerSchool offers protection after Data Breach: Monitoring Services

PowerSchool has decided to offer two years of complimentary credit monitoring and identity protection services to all applicable students and educators whose information was involved. The company has begun notifying the affected staff and the parents of affected children. PowerSchool has created a dedicated URL that will be updated as they receive more information about the breach. 

What makes this data breach particularly serious is that PowerSchool failed to defend the personal information of kids of all ages. The victims include kindergarteners all the way up to 12 graders. Those children’s adult lives haven’t even started yet. However, they might face the consequences of a stolen identity before entering the workforce. Hackers can exploit the stolen info in various ways, and the breach could haunt the kids throughout their whole lives. 

They advise affected individuals to freeze their credit with all three major credit bureaus. And monitor their credit reports for suspicious activity. Installing top antivirus software on all connected devices is another security layer that could potentially stop fraudsters from completing the puzzle and committing fraud.