An attack on a software tool that Richmond Community Schools and Centerville-Abington Schools use has potentially exposed undetermined amounts of sensitive student and teacher data to hackers.
PowerSchool, a California-based cloud educational software service, notified schools who use the service that a December 2024 compromise of one of its customer support systems had allowed an unknown attacker to gain access to customer data. Since PowerSchool is used to manage student records, grades, schedules and other information, the breached data could include not only names and addresses but also Social Security numbers, medical records, grades and other sensitive details. In a Jan. 13 statement on its website the company says it is still investigating the extent of the breach, but has no evidence that credit card or banking information was stolen.
Richmond Community Schools is one of the school systems that relies on PowerSchool. In an undated letter distributed this month, RCS alerted families of the breach and confirmed that “some information belongs to Richmond Community School’s families and educators.” Director of Technology Alexander Hazelbaker wrote that the school system is waiting on PowerSchool to complete its investigation and share which specific records were affected.
“Richmond Community Schools is committed to providing support throughout this process. We understand this situation may cause concern. PowerSchool is actively addressing this ongoing situation, and we are working closely with them to ensure the security of all data,” Hazelbaker wrote. Questions and concerns can be directed to Hazelbaker at 765-973-3300 x4918 or ahazelbaker@rcs.k12.in.us.
RCS representatives did not respond to WWN’s request for additional information before press time.
Centerville-Abington Community Schools uses PowerSchool and confirmed they are also affected. When asked by WWN about which records might have been exposed, Superintendent Mike McCoy said they are waiting on PowerSchool to complete their investigation and provide more detail like everyone else.
“I just do not know how long this will take,” McCoy said. He said he believes PowerSchool is taking many steps to prevent future breaches.
Data breaches have become more common as organizations and governments rely on software tools to operate; many U.S. residents are now familiar with receiving letters that say their information has been stolen from one system or another. While responses like credit monitoring and changing passwords can be helpful, when the nature of the data stolen or who exactly has it isn’t known, it can be difficult to understand the potential for additional harm.
A Jan. 7 article by technology news publication Bleeping Computer reported that PowerSchool told some affected schools that it had paid an undisclosed ransom amount to the attacker in return for assurances the data would be deleted and not redistributed. The company has declined to provide details about how it could be certain the stolen information is not being circulated.
A version of this article appeared in the January 22 2025 print edition of the Western Wayne News.