PowerSchool, a leading cloud-based K-12 software provider, has initiated notifications to individuals affected by a significant cybersecurity breach that occurred in December 2024. The company, which serves over 60 million students and 18,000 customers globally, experienced unauthorized access to its PowerSource customer support portal, affecting 6,505 school districts across the United States and Canada.

The breach exposed sensitive information including:
– Full names
– Physical addresses
– Contact information
– Social Security numbers
– Medical data
– Academic grades

While PowerSchool maintains the incident impacted only a subset of customers, a threat actor claims to have obtained data from over 62 million students and 9.5 million teachers. In Maine alone, 33,488 individuals were affected, according to notifications filed with the state’s Attorney General’s office.

Response and Remediation:
– Notifications being sent to current and former students, parents, guardians, and educators
– Regulatory notifications filed with U.S. Attorneys General offices
– Canadian regulators being notified
– Free two-year identity theft protection and credit monitoring services offered to affected individuals

The full scope of the breach remains undisclosed, with a detailed investigation report from CrowdStrike still pending. International customers are expected to receive updates in the coming week.