Over 70 million PowerSchool records stolen in massive educational data breach

You May Be Interested In:Borderlands 4 locks in September 23 release, GTA 6 to follow soon after


TL;DR: Parents, students, and educators across North America are reeling after what is shaping up to be the largest data breach of the new year. Hackers infiltrated a cloud-based software provider used by K-12 schools, compromising the sensitive information of millions of students and school personnel.

Based in Folsom, California, PowerSchool serves 16,000 schools globally and manages data for over 60 million students. On January 7, the company confirmed that attackers had accessed and exfiltrated personal data stored in its Student Information System.

The stolen data includes Social Security numbers, medical records, and home addresses. A report by Bleeping Computer revealed an extortion note from the attackers claiming they had stolen the records of 62.4 million students and 9.5 million teachers.

Among the hardest hit is the Toronto District School Board in Canada, which disclosed Monday that information on all students enrolled between 1985 and 2024 was exposed, equating to 1.4 million students and over 90,000 teachers. The data included names, dates of birth, health card numbers, home addresses, disciplinary notes, and even residency status. The district noted that the scope of the breach varied depending on the enrollment period but affected every student within that timeframe.


District Name Students Impacted Teachers Impacted
Toronto District School Board 1,484,733 90,023
Peel District School Board 943,082 39,693
Dallas Independent School District 787,212 79,718
Calgary Board of Education 593,518 133,677
Memphis-Shelby County School 485,087 54,501
San Diego Unified 472,278 Possibly not stolen
Charlotte-Mecklenburg Schools 467,974 57,486
Wake County Public School 461,005 92,783

California’s Menlo Park City School District also reported significant fallout. All current students, staff, and anyone enrolled or employed since the 2009 – 2010 school year were impacted. This breach includes nearly 10,700 students and many former staff members.

PowerSchool stated it had communicated with the hackers, who allegedly said they would not release the data, supported by a video of its purported deletion. However, experts warn that such claims are impossible to verify and that the threat actors could still post the stolen information on the dark web. Several school districts have included these assurances in their breach notifications despite the dubious deletion claims from the attackers.

PowerSchool has not confirmed the number of affected individuals or whether it paid a ransom. However, it has begun offering those impacted a free two-year credit monitoring package. The breach illustrates the vulnerabilities of online education systems. It’s not just banks, large corporations, and social media platforms that hackers target.

share Paylaş facebook pinterest whatsapp x print

Similar Content

Undersea cable disruption in Baltic Sea investigated for possible sabotage
Undersea cable disruption in Baltic Sea investigated for possible sabotage
Selling fear: How cybersecurity marketing uses consumer anxiety for profit
Google’s reCAPTCHA is not only useless, it’s also basically spyware
Journalism group urges Apple to disable AI summaries after fake headline incident
Journalism group urges Apple to disable AI summaries after fake headline incident
Microsoft proposes new Office and Teams pricing to avoid massive EU fine
Microsoft proposes new Office and Teams pricing to avoid massive EU fine
Two more AMD graphics cards join the Steam survey, as Team Red achieves record CPU share
Two more AMD graphics cards join the Steam survey, as Team Red achieves record CPU share
What happens if a CD spins too fast?
What happens if a CD spins too fast?
Flash News Hub | © 2025 | News