coalition of school districts across the United States and Canada that were affected by the PowerSchool data breach has formed a joint working group to investigate the full scope of the intrusion and coordinate their response. PowerSchool, which provides student information systems to more than 18,000 schools serving over 60 million students, confirmed the breach in early January.

Schools served18,000+Across the US and Canada
Students in system60M+Total platform users
Est. records exposed>5MPer internal district estimates
ID protection offered2 yearsFor all affected individuals

What Was Exposed

The breach exposed names, contact information, and in some cases sensitive personal data including Social Security numbers and medical records for students and staff. The precise number of affected individuals has not been disclosed, but a source within one of the larger affected districts told EvoFutura that internal estimates exceed 5 million records.

The Working Group's Focus

The working group, which includes cybersecurity counsel and digital forensics specialists retained by the districts, is focusing on two questions: what data was exfiltrated and is it being offered for sale on dark web marketplaces, and whether PowerSchool's pre-breach security posture met the contractual and regulatory standards the company had represented to its customers.

The incident is likely to accelerate federal legislative interest in security standards for edtech vendors who handle sensitive data for minors.

Nadia Osei, EvoFutura

State attorneys general in California, New York, and Texas have opened preliminary inquiries. Analysts expect class-action litigation within weeks, and the incident is likely to accelerate federal legislative interest in security standards for edtech vendors who handle sensitive data for minors.