Powerschool data breach affects 16,000 students in the UK

US EDTECH giant Powerschool has confirmed that 16,000 people in the UK stole personal and sensitive data in the December 2024 data breach.

This week, Powerschool began notifying people outside the U.S. and Canada that were affected by violations. The incident was confirmed by Powerschool in January, and hackers accessed the personal data of millions of students and teachers after using a compromised certificate in violation of the company’s customer support portal.

Powerschool has not confirmed how many international students have been affected. But Powerschool spokesman Beth Kebler confirmed in an email statement to TechCrunch that four schools in the UK were affected and hackers accessed data from "around 16,000 students."

In a letter sent to affected individuals outside the United States and Canada, Powerschool said the accessed data included contact information for students, dates of birth, limited medical data and "other related information."

"For any given person, any given individual in our client base is deprived of information." Powerschool refused to name the UK schools affected by the incident.

Powerschool noted on the event page that went offline at the time of the company's release that it will not provide credit monitoring services for data breaches outside the United States and Canada.

Lucy Milburn, a spokesman for the UK Information Commissioner's Office (ICO), told TechCrunch it has not received a data breach report from Powerschool.

Keber confirmed that the company did not submit a data breach report to the ICO, claiming that it was because Powerschool “does not act as a data controller” and that the organization determined the purpose and means of determining personal data under the UK Data Protection Act.

TechCrunch has contacted the ICO and raised further questions about Powerschool's claims.

Powerschool has not confirmed the total number of individuals affected by the December violation, although it told TechCrunch “has identified schools and districts that involve data on this incident.”

The violations reportedly affected personal and sensitive data from more than 62 million students and 9.5 million teachers. Powerschool has repeatedly refused to confirm whether the number is accurate, but on its website, the company says its technology has been used by more than 60 million students.

Do you have more information about Powerschool data breaches? We would love to hear from you. With non-working devices, you can contact Carly Page safely via +44 1536 853968 or via email carly.page@techcrunch.com.