PowerSchool, an American educational technology leader, has acknowledged that a data breach in December 2024 resulted in the theft of personal and sensitive information belonging to 16,000 students in the United Kingdom.
Recently, PowerSchool began reaching out to individuals affected outside of the U.S. and Canada. This breach, initially reported by the company in January, allowed hackers to illegally access the personal information of millions of students and educators by exploiting compromised login credentials to infiltrate the company’s customer support portal.
While PowerSchool has not disclosed the total number of international students affected, spokesperson Beth Keebler stated in an email to TechCrunch that four schools in the U.K. were involved, impacting the data of “approximately 16,000 students.”
In a correspondence sent to those impacted outside of the U.S. and Canada, which was reviewed by TechCrunch, PowerSchool detailed that the compromised data includes students’ contact details, birth dates, some medical information, and “other relevant data.”
Keebler explained to TechCrunch that “the types of information extracted varied for each individual across our client network.” However, PowerSchool chose not to disclose the names of the U.K. schools that were affected.
On PowerSchool’s incident update page, which was inactive during our publication time, the company mentioned that it would not be providing credit monitoring services to affected individuals outside the U.S. and Canada.
Lucy Milburn, a representative from the U.K.’s Information Commissioner’s Office (ICO), informed TechCrunch that they had not received a report regarding the data breach from PowerSchool.
Keebler confirmed that PowerSchool had not submitted a data breach report to the ICO, asserting that the company does not categorize itself as a data controller under U.K. data protection regulation—an entity that determines how and why personal data is processed.
TechCrunch has contacted the ICO for additional clarification regarding PowerSchool’s assertions.
Despite stating that they have “identified the schools and districts whose data was involved in this incident,” PowerSchool has yet to disclose the complete number of individuals impacted by the December breach.
As reported in various sources, the breach potentially affected the personal and sensitive data of over 62 million students and 9.5 million educators. While PowerSchool has consistently refrained from confirming the accuracy of these figures, the company states on its website that its technology serves more than 60 million students.
If you have further details regarding the PowerSchool data breach, we would love to hear from you. From a non-work device, feel free to reach out to Carly Page securely via Signal at +44 1536 853968 or by email at carly.page@techcrunch.com.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
