PowerSchool Data Breach Resources

PowerSchool provides cloud-based software to K-12 schools, including PowerSchool Student Information System (SIS), which serves as a database for student records, among other uses. PowerSchool provides these products to more than 16,000 customers, largely K-12 schools, that serve 50 million students in the United States. PowerSchool, however, has not yet revealed the number of customers affected by the incident “due to the sensitive nature of [their] investigation.”

Schools use Student Information Systems (SIS) for many reasons, including to be able to quickly and easily contact families if the need arises, to be aware of each student's unique needs and give teachers and other staff insight into how to best meet those needs, to store grades, to monitor attendance, and so on. In addition, SIS like PowerSchool provide districts with the ability to meet annual state reporting mandates.

NCS has used PowerSchool as its Student Information System (SIS) since the 2019 school year. While NCS does use other PowerSchool products, such as PowerSchool Enrollment, the SIS is the only product that was impacted by the breach.

On December 28, 2024, PowerSchool became aware of unauthorized access to information through its customer support portal, PowerSource. Their subsequent investigation revealed that an unauthorized party gained access to certain PowerSchool SIS customer data using a compromised credential. This credential, which was tied to a maintenance account, gave the threat actor(s) broad and deep access to many PowerSchool customers’ data. PowerSchool is currently working with CrowdStrike, a leading security consultant, to publish a forensic report that will provide additional information. This report is scheduled to be released Friday, January 17, 2025.

PowerSchool immediately engaged its cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts. They are working to complete their investigation of the incident and are coordinating with districts and schools to provide more information and resources (including credit monitoring or identity protection services, if applicable) as they become available. 

On January 7, 2025, PowerSchool proactively communicated this incident to the PowerSchool SIS customers affected by this incident and continues to support them through the next steps. 

PowerSchool has also deactivated the compromised credential and restricted all access to the affected portal. Lastly, they have conducted a full password reset and further tightened password and access control for all PowerSource customer support portal accounts. As part of their ongoing efforts to enhance resilience, they have further strengthened PowerSource password policies and controls, including increasing password length and complexity requirements. They continue to prioritize and invest significantly in their cybersecurity defenses.

Finally, PowerSchool would like to extend a sincere note of gratitude to its customer, educator, and family communities for their continued patience and cooperation. They apologize for any concern this incident may cause you and are working hard to provide timely updates.

No. NCS is but one of potentially up to 16,000 customers that was victimized by the exploitation of a vulnerability in PowerSchool’s systems. Our PowerSchool SIS is cloud-hosted, and the responsibility of PowerSchool to maintain and secure.

PowerSchool notified NCS of the data breach on January 7, 2025. We immediately reviewed our PowerSchool logs and confirmed that our data was accessed by the compromised credentials that PowerSchool identified. We then drafted communication updating current families and staff. After the initial round of communication, we analyzed our logs further and discovered that not only was the data of current students and staff accessed, but also the data of graduated students and former staff.

The threat actor who accessed the data has not been named. The IP address that was recorded points to someone in Ukraine; however, this is not definitive, and an IP address can easily be spoofed.

Data from students and staff was accessed, including personally identifiable information (PII). All current students and staff, as well as students who enrolled in NCS from the start of the 2019 school year and many staff who worked in NCS from the start of the 2019 school year, were impacted. This includes students who may have been enrolled only for a short while before transferring out and staff who worked for NCS only briefly before leaving for whatever reason.

Student Data Details

150 unique fields were accessed for 1,013 students, but NCS does not use all of the fields. For our instance, the data in question included student name, date of birth (DOB), home address, home phone number, race and ethnicity, gender, the names of parents/guardians/emergency contacts, school ID number, state ID number, and more. No Health-related information was accessed, including the name and phone number of the student's physician and medical alerts (e.g., allergies, asthma, medications, or other disclosed health conditions that would help staff meet the medical needs of students). Data about special services students receive(d), namely IEP or Section 504 services, was also accessed. In some cases, this data was simply a flag (e.g., "IEP on File - Please see case manager"); in other cases, a specific disability, the name of the case manager, or specific accommodations were present in the flag.

Staff Data Details

97 unique fields were accessed for 200 staff members. Again, NCS does not use all of these fields. For our instance, the data in question included staff name, local staff ID number, gender, race and ethnicity, home phone number, and more.

NCS does not currently collect or store social security numbers (SSN) in PowerSchool.

PowerSchool engaged the services of CyberSteward, a professional advisor with deep experience in negotiating with threat actors. This implies that the party responsible for accessing the data demanded a ransom from PowerSchool and that, working through CyberSteward, PowerSchool paid the ransom and received reasonable assurances (i.e., video confirmation) that the data was deleted. PowerSchool will engage consultants to monitor the Dark Web for the impacted data to ensure it does not appear.

 It is in the best interest of cyber criminals to keep their word because their “business model,” if you will, depends on reliably deleting data when ransoms are paid, or else in the future, victims will not pay the ransom. Nevertheless, if a ransom was paid to a threat actor, there is no way to confirm that the data has not or will not be released or used for an impermissible purpose.

PowerSchool has committed to providing credit monitoring services for adults whose data was impacted, as well as identity protection services for minors whose data was impacted. They have not shared the details about how this will work yet, but NCS will pass along this and any other updates as we receive them.

Illinois law requires school districts to store each school shall maintain student permanent records and the information contained therein for not less than 60 years after the student has transferred, graduated or otherwise permanently withdrawn from the school.  (105 ILCS 10/4) (from Ch. 122, par. 50-4). The district is permitted to electronically store via Student Information Systems (SIS) like PowerSchool.

Some parents/guardians of graduated students have requested that we delete their students’ records. Under Illinois law requires school districts to store each school shall maintain student permanent records and the information contained therein for not less than 60 years after the student has transferred, graduated or otherwise permanently withdrawn from the school. The District does not have the discretion to delete Pupil Records, even when requested to do so by parents/guardians.

There is no action that anyone needs to take at this time other than to be on the lookout for updates from the district. Whatever new information we learn will be published here on the PowerSchool Data Breach FAQ page. Current and former school community members should be on guard for potential phishing/social engineering attempts using this incident as a pretext. Please remain vigilant, as PowerSchool will never contact you by phone or email to request your personal or account information.

As of January 17, PowerSchool announced that all individuals impacted by the breach will qualify for identity protection and/or credit monitoring services from Experian. PowerSchool stated that Experian will provide these notifications "in the next few weeks" from this date. This a vague time range, but we would expect notices by mid-February at the latest.

PowerSchool will be offering two years of complimentary identity protection services for all students and educators whose information was exfiltrated , which will also include two years of complimentary credit monitoring services for all adult students and educators whose information was involved, regardless of whether an individual’s Social Security number was exfiltrated.

Experian, a trusted credit reporting agency, will be helping PowerSchool to provide these services. Details on how to enroll will be included as part of individual notifications. As the offer is specific to this incident, the details contained in the forthcoming enrollment notification will be required to enroll, and cannot be obtained directly from Experian.

Credit monitoring agencies do not offer credit monitoring services for individuals under the age of 18. If a parent / guardian enrolls an individual under the age of 18 in the offered identity protection services, the individual, upon turning 18, will have the opportunity to enroll in credit monitoring services for the duration of the two-year coverage period.

Experian will also provide a call center to answer questions from the community.

Starting in the next few weeks (from Friday, January 17, 2025), PowerSchool will be handling notifications to involved individuals on NCS's behalf.  PowerSchool will coordinate with Experian to provide notice on NCS's behalf to students (or their parents / guardians if the student is under 18) and educators, as applicable, whose information was involved, as well as a call center to answer questions from the community. The notice will include the identity protection and credit monitoring services offer (as applicable).

PowerSchool will publish the notice on its website, circulate the notice to local media, and send the notice to email addresses, where available, of involved individuals. The notice received by each individual will include a description of the categories of personal information that were exfiltrated and the identity protection and credit monitoring services offered (as applicable). 

Dive into the mysteries surrounding the origins of life. Explore the theories and hypotheses on how life may have emerged on Earth and examine the conditions that are believed to be essential for the development of life. Delve into the chemical processes, early Earth environments, and the fascinating search for the building blocks of life beyond our planet.

Venture into the realm of exoplanets, planets that orbit stars outside our solar system. Discover the methods used to detect and characterize exoplanets, including the search for habitable environments. Explore the factors that contribute to a planet's potential habitability, such as the presence of water, suitable atmospheres, and the possibility of hosting life as we know it.

Uncover the incredible resilience of life on Earth by exploring extremophiles—organisms that thrive in extreme conditions. From the depths of the oceans to volcanic vents, from icy regions to arid deserts, learn about the adaptations that allow these organisms to survive in environments once thought inhospitable. Discover how the study of extremophiles informs our understanding of the potential for life in extreme environments elsewhere in the universe.

Embark on a quest to find signs of extraterrestrial life. Delve into the exploration of our solar system, including the search for microbial life on Mars and the potential for subsurface oceans on moons like Europa and Enceladus. Explore the concept of biosignatures and the technology used to detect potential signs of life beyond Earth. Learn about ongoing missions and future endeavors aimed at uncovering the secrets of our cosmic neighbors.

Delve into the origins of the universe with an exploration of the Big Bang theory. Learn about the evidence supporting this prevailing cosmological model, the expansion of space and time, and the cosmic microwave background radiation. Discover how scientists have pieced together the early moments of our universe and the implications of the Big Bang theory for our understanding of cosmic evolution.

Explore the enigmatic components of the universe—dark matter and dark energy. Dive into the mysteries surrounding these elusive entities that make up a significant portion of the universe. Learn about their effects on the dynamics of galaxies and the large-scale structure of the cosmos. Delve into the ongoing research and theories that aim to unravel the nature and properties of dark matter and dark energy.

Journey through the vast cosmic tapestry as we unravel the structure of the universe. Explore the formation of galaxies, galaxy clusters, and cosmic filaments that make up the cosmic web. Learn about supermassive black holes, galactic collisions, and the evolution of structures over billions of years. Delve into the cosmic forces and processes that shape the intricate structure of our universe.

Embark on a speculative journey beyond our observable universe. Explore the fascinating concept of the multiverse, which suggests the existence of multiple universes beyond our own. Delve into the realm of string theory and its implications for understanding the fundamental nature of reality. Dive into the cutting-edge theories and mind-bending possibilities that expand our perception of the cosmos.