DataBreaches.Net


PowerSchool Incident: A few resources for teachers, parents, and former students (2)

Posted on January 10, 2025 (updated January 14, 2025) by Dissent

DataBreaches is trying to keep up with updates from PowerSchool, but from the outset, DataBreaches has recommended that districts, parents, and teachers assume the worst — i.e., assume that all of the data really weren’t deleted permanently. On the premise of better safe than sorry, and reminding people that PowerSchool’s attorney is not YOUR attorney, here are some protective steps or actions to consider taking. I would not wait for any advice from PowerSchool at this point, as none of the suggestions below involve any fees to you and you can immediately begin to take steps to protect yourself. The following advice is just advice based on what I would do if I were in your situation.

Update: On January 13, PowerSchool uploaded a web page for updates.

For Teachers

Place a security freeze on your credit report now. A security freeze on your credit report stops criminals from opening accounts in your name if a credit report would be required to open a new account. You will be placing a security freeze on your credit reports at three major credit report firms: Experian, TransUnion, and Equifax. You can usually complete the process quickly online.  Experian offers easy-to-understand directions on their website. So do TransUnion and Equifax.

Note:

  • You will need to provide them with your identity information, including your SSN, and they may require you to submit proof.
  • The freeze will remain in place until you remove it. If you ever need to allow a firm to check your credit (like for a mortgage application or credit card application), you can usually call these companies to “unfreeze” the report for a short period of time and have it resume after that time.
  • Placing a security freeze on your credit report is free.
  • A security freeze on your credit report will not stop criminals from opening up accounts that do not require a credit report check. You will need to remain vigilant for that.

For Parents of Minor Children

If your child’s Social Security Number (SSN) is involved or may be involved, parents are advised to check whether their minor child has a credit report (if under 18, there generally shouldn’t be any credit report). The Consumer Financial Protection Bureau has helpful information on how to do that and how to challenge any report that is fraudulent. Frustratingly, the credit reporting bureaus seem to require parents to mail in inquiries or mail in requests to remove a child’s credit report. Experian also has information on how to check if the child has a credit report and how to request removal of the report if they do have one.

Parents may also wish to consider placing a fraud alert on their child’s name.

As with the procedures for teachers, expect to have to provide identity information including SSN to make requests or change records.

For Teachers, Parents, and Former Students Who Have Been Affected

Consider filing a police report to report that your information was stolen. Then if it is ever misused as a result of this incident, there is a record that you notified law enforcement proactively.

Consider contacting your bank and credit card issuers to alert them that your information was stolen and to request that they put a flag or alert on your account in case the information is misused at some point.

If you have ever reused passwords or login credentials for important accounts, change your passwords – and don’t just add “2025” or an exclamation point at the end. Criminals are very good at guessing changes in passwords. (Thanks to Doug Levin for suggesting I add this one.)

Other

Attorney Joe Lazzarotti has some helpful suggestions for school districts and schools now and going forward.

K12 SIX has a helpful PowerSchool Cyber Incident FAQ. Need answers that you can’t find? You can contact them.

I have no idea what PowerSchool will offer people in the way of complimentary or mitigation services. They may try to only offer free credit monitoring and identity theft restoration services to those whose SSN was involved. And they may claim that they cannot offer certain services to very young children because services may not be available for children younger than a certain age or in certain states.

PowerSchool and individual school districts that self-host are bound by state laws. If teachers want to check their state’s breach notification laws, they can find them linked from here. Sadly, that national council table does not include state statutes requiring notification of breaches of student data, and FERPA, the federal law protecting the privacy of student education records, does not require individual notification of breaches involving student data. For state-regulated obligations applicable to student data, you will have to find your state’s laws specific to student data. So far, I haven’t found any updated compilation I can point you to, but I’m still looking.

I hope the above is some help to those who are affected and want to take steps to protect themselves.

Updated January 12 to include links to Joe Lazzarotti’s article and K12 SIX’s FAQ.

 

 

 

Category: Breach Laws, Commentaries and Analyses, Education Sector, Of Note

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.