PowerSchool, a service that describes itself as providing "innovative K-12 software and cloud-based solutions to improve educational outcomes and simplify school operations," announced that they had experienced a major security data breach of their servers on December 28, 2024 that affected multiple school districts nationwide, including several on Long Island, New York.
The Long Island schools affected by the breach include Jericho, Nassau BOCES, Smithtown Central, Uniondale, Hicksville, Lynbrook, Glen Cove, West Hempstead, Middle Country, and Massapequa.
According to their website, PowerSchool is a web-based, home-to-school communication tool and is currently utilized by over 18,000 school districts and 60 million students in over 90 countries.
It features portals that allows students to log in to and see their grades, assignments, scores, attendance, schedules, school bulletins, and more, as well as for parents to see the grades, assignments, scores, attendance, schedules, and school bulletins for their children.
Upon news of the breach, PowerSchool released the following statement:
"On December 28, 2024, we became aware of a potential cybersecurity incident involving unauthorized access to certain PowerSchool Student Information System (SIS) information through one of our community-focused customer portals, PowerSource," the statement reads. "PowerSchool is not experiencing, nor does it expect to experience, any operational disruption and continues to provide services as normal to our customers. We have no evidence that other PowerSchool products were affected as a result of this incident or that there is any malware or continued unauthorized activity in the PowerSchool environment."
In response, PowerSchool noted that they undertook the following steps:
"As soon as we learned of the incident, we immediately engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts," they said. "We are working to complete our investigation of the incident and are coordinating with districts and schools to provide more information and resources (including credit monitoring or identity protection services if applicable) as they become available."
Following notification of the affected school districts and other parties, PowerSchool said that they would keep users notified with constant updates going forward.
We take our responsibility to protect student, family, and educator data privacy extremely seriously, and we are committed to providing customers, families, and educators with resources and support as we work through this together.
"We would like to extend a sincere note of gratitude to our customer, educator and family communities for their continued patience and cooperation," they said. "We apologize for any concern this incident may cause you and are working hard to provide you timely updates."