Schools across the US and Canada are warning parents that a data breach may have leaked information for students and employees. The K-12 operations platform PowerSchool, which supports over 60 million students and has over 18,000 customers worldwide, suffered a breach that could’ve exposed names and addresses of students and educators and, in some cases, more sensitive information like Social Security numbers, medical information, and grades.

As initially reported by Bleeping Computer, threat actors got into PowerSchool’s support platform using compromised credentials. PowerSchool told Bleeping Computer that only a “subset” of schools are affected but has not provided a count of affected school districts or people. Additionally, the outlet says that in a note provided to its customers, PowerSchool claimed it paid a ransom request and “…has received reasonable assurances from the threat actor that the data has been deleted and that no additional copies exist.”

PowerSchool’s website and social media channels have no mention of the data breach or directions for people who may have been affected.

In an email to The Verge, PowerSchool spokesperson Beth Keebler wrote that the company became aware of “a potential cybersecurity incident” on December 28th and has “taken all appropriate steps to prevent the data involved from further unauthorized access or misuse.” Keebler also wrote:

The incident is contained and we do not anticipate the data being shared or made public. PowerSchool is not experiencing, nor expects to experience, any operational disruption and continues to provide services as normal to our customers.

Schools across the US and Canada are warning parents that a data breach may have leaked information for students and employees. The K-12 operations platform PowerSchool, which supports over 60 million students and has over 18,000 customers worldwide, suffered a breach that could’ve exposed names and addresses of students and educators and, in some cases, more sensitive information like Social Security numbers, medical information, and grades.

As initially reported by Bleeping Computer, threat actors got into PowerSchool’s support platform using compromised credentials. PowerSchool told Bleeping Computer that only a “subset” of schools are affected but has not provided a count of affected school districts or people. Additionally, the outlet says that in a note provided to its customers, PowerSchool claimed it paid a ransom request and “…has received reasonable assurances from the threat actor that the data has been deleted and that no additional copies exist.”

PowerSchool’s website and social media channels have no mention of the data breach or directions for people who may have been affected.

In an email to The Verge, PowerSchool spokesperson Beth Keebler wrote that the company became aware of “a potential cybersecurity incident” on December 28th and has “taken all appropriate steps to prevent the data involved from further unauthorized access or misuse.” Keebler also wrote:

The incident is contained and we do not anticipate the data being shared or made public. PowerSchool is not experiencing, nor expects to experience, any operational disruption and continues to provide services as normal to our customers.