PowerSchool’s failure to maintain reasonable security safeguards and protocols cited as cause of data breach.

A class action lawsuit was recently filed against educational technology giant PowerSchool after it revealed that it was the victim of a December 2024 cyberattack that compromised millions of records belonging to students and educators.

While the exact number of affected individuals is still being determined, the breach is concerning given PowerSchool’s massive reach. The company serves over 18,000 clients globally, managing grading, attendance, and personal data for more than 60 million K-12 students and educators across the United States and Canada.

About PowerSchool

PowerSchool is a technology company based in Folsom, California that develops software for K-12 education. The company’s product line consists of:

• Student Information Systems (SIS)
• Learning Management Systems (LMS)
• Student enrollment software
• Data analytics platforms
• School administration tools

As of 2024, PowerSchool reports:

• 3,500 employees
• $732 million in annual revenue
• Operations across multiple countries
• Customer base consisting of K-12 schools and educational districts

The company’s software platforms process and store student records, academic data, enrollment information, and administrative documentation for their client institutions.

What Happened?

In late December 2024, PowerSchool detected unauthorized activity within its network. The security breach specifically targeted PowerSource, the company’s primary platform for customer support and community engagement. An initial investigation traced the origin of the intrusion to December 19, 2024, with the company discovering the breach nine days later on December 28.

Taking immediate action, PowerSchool launched a security review and began the notification process to affected schools. On January 7, 2025, the company distributed two separate communications: one to school districts confirmed to be impacted by the breach, and another to districts whose data remained secure.

In its official statement, PowerSchool emphasized that this was not a ransomware attack, nor was it caused by software vulnerabilities. “This was a direct network intrusion,” the company clarified. PowerSchool has engaged a third-party cybersecurity firm to investigate the breach and determine the scope of the data compromise.

The full extent of the data exposure is currently under active investigation, with more details expected to emerge as PowerSchool continues their security assessment.

What Information was Stolen?

According to news sources the breached data included –

• names;;
• addresses;
• Social Security numbers;
• phone numbers;
• email addresses;
• medical information;
• grades and grade point averages;
• bus stops for student portals;
• notes and alerts concerning students;
• student IDs; and
• PII of parents or guardians of students.

PowerSchool assured customers, “We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination.”

What is PowerSchool Doing to Protect My Identity?

PowerSchool announced it has deactivated the compromised credential and restricted all access to the affected portal. It has also conducted a full password reset and further tightened password and access control for all PowerSource customer support portal accounts.

Affected adults will be offered free credit monitoring, while minors will receive identity protection services.

What Can Hackers Do With My Information?

Stolen PII and PHI can be used to commit identity theft, open new credit accounts, make unauthorized purchases or obtain loans. Cybercriminals have recently targeted America’s essential industries and in so doing have forced millions of Americans to face the fallout from these attacks.

Leaked or stolen data can be sold on the dark web forums and may be used for fraud and medical identity theft, a type of fraud, where threat actors use stolen information to submit forged claims to insurers.

Clients affected by the breach are exposed to a heightened and imminent risk of fraud and identity theft. They must now and in the future closely monitor their financial accounts to guard against identity theft and fraud.

If you receive a notification letter from PowerSchool it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options at no cost to you. For more information, please review these recommendations.

Protect Your Identity. Join the PowerSchool Data Breach Class Action.

The lawsuit alleges that PowerSchool breached its duties under common law and the Federal Trade Commission Act to implement reasonable security measures, comply with industry standards and federal data-security regulations, encrypt sensitive data, and provide adequate and timely notice of the breach.

If you receive a notification letter from PowerSchool, you are at permanent risk of identity theft and the devastating financial and legal consequences that go along with it.

You may be eligible to participate in a class action lawsuit to recover compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and more.

The lawsuit looks to cover anyone in the USA whose private information was compromised by the breach announced by PowerSchool on January 7, 2025

Please complete the form shown on this page and a data breach attorney will contact you. There is no cost to you.

Tags: cyber attack   data breach   Data Privacy   Identity Theft   personal health information   Personal Identifying Information