One month after a devastating cyberattack, education software platform PowerSchool has started sending breach notifications to affected individuals, but the company remains tight-lipped about the scope and nature of the incident. The notifications, which began going out to victims in the US, Canada, and abroad, come as a relief to those impacted, but the lack of transparency from PowerSchool has raised more questions than answers.
The December 28th breach may have exposed sensitive personal data, including names, addresses, Social Security numbers, medical information, and grades, affecting over 60 million students and 18,000 customers worldwide. While PowerSchool has promised to offer complimentary identity theft protection services and two years of credit monitoring to affected students and educators, the company's reluctance to disclose the full extent of the breach has sparked concerns.
A breach notification posted on the Maine Attorney General's office website reveals that at least 33,488 people were impacted in Maine alone. However, attackers claimed in their extortion demand that they stole sensitive data from a staggering 62,488,628 students and 9,506,624 teachers, according to BleepingComputer. The discrepancy between these numbers and PowerSchool's silence on the matter has raised suspicions about the true scale of the breach.
PowerSchool's update on its website states that the company has started filing regulatory notifications with Attorneys General Offices across applicable US jurisdictions on behalf of impacted customers who have not opted-out of their offer to do so. The company also plans to notify Canadian regulators and will send a separate update to international customers later in the week. Despite this, the company's lack of transparency has sparked frustration among those affected, who are still seeking answers about what happened and how to protect themselves.
The incident serves as a stark reminder of the importance of cybersecurity in the education sector, where sensitive student data is often at risk. As the full extent of the breach remains unclear, experts warn that the impact could be far-reaching, with potential consequences for students, educators, and parents alike.
As the situation continues to unfold, it remains to be seen how PowerSchool will address the growing concerns and demands for transparency. One thing is certain, however: the company's response will have significant implications for the education technology industry as a whole, and the millions of people whose data was potentially compromised.
In the meantime, affected individuals are advised to remain vigilant and take steps to protect their personal data, including monitoring their credit reports and being cautious of phishing scams. As more information becomes available, it is essential for PowerSchool to prioritize transparency and communication to rebuild trust with its customers and the broader education community.