A massive data breach affecting PowerSchool’s school management system has compromised the data of around 60 million students and staff. It puts many children at risk of identity theft and other security attacks, but there are a few steps you can take if your kid’s data is compromised.

How Was PowerSchool Breached?

APowerSchool statementrevealed that the California-based Saas company first discovered the cybersecurity incident on June 06, 2025. The attack involved “unauthorized exfiltration of personal information” from the platform’s Student Information System (SIS). Its SIS contains data from the 18,000 school organizations and more than 60 million students and staff they serve.

Attackers used stolen credentials to hack into PowerSchool’s customer support portal, giving them access to a maintenance tool that uses the platform’s SIS for customer support and troubleshooting. From there, the hackers extracted millions of students and teachers' personally identifiable information (PII).

On August 17, 2025, PowerSchool informed customers about the data breach.

Who Does the PowerSchool Breach Affect?

According toBleepingComputer, hackers sent an extortion demand claiming to have the data of over 62 million students and 9.5 million teachers. Among the data exfiltrated include:

PowerSchool said the data exfiltrated varies across school boards depending on what was imputed into the system. They believe no credit card or banking information was involved.

While PowerSchool has not disclosed the names of the particular schools and boards, the Bleeping Computer report claims the biggest school boards impacted include the Toronto District School Board, Peel District School Board, and the Calgary Board of Education in Canada.

In the US, boards with the most students impacted include the Dallas Independent School District, Memphis-Shelby County School, San Diego Unified, Charlotte-Mecklenburg Schools, and Wake County Public School. Other impacted school boards have also contacted parents to inform them about the breach.

The attack may have exposed the data of both past and present students. AToronto District School Board (TDSB) statementexplained that the breach exposed data on students attending its schools between 1985 and 2024. Included in the hack was other information, including the students’ health card number, education number, as well as residency status, among many others. Emergency contact information of the parents and caregivers of TDSB students, including addresses and their relationship to the students, was also exposed.

PowerSchool promised to give all students and educators impacted two years of complimentary identity protection services from Experian. It also promised to provide two years of credit monitoring services from TransUnion for involved educators and students who have reached the age of majority.

What You Can Do if Your Child’s Data Is Compromised

If your child has been part of a school data breach, this is how you reduce the risk of you or your child being targeted by cybercriminals.

As schools depend more on software and apps, cyberattacks will continue to target students' data. The effects of these breaches can impact students well into adulthood, so it’s important to stay vigilant.