PowerSchool's December 2024 breach exposed 62 million student records including SSNs, medical conditions, and disciplinary history -- the largest breach of children's data in U.S. history
In December 2024, PowerSchool, a cloud-based platform managing student grades and records for approximately 16,000 schools serving nearly 50 million students, suffered a data breach in which more than 62 million student records and nearly 10 million teacher records were exfiltrated. The compromised data included names, addresses, birthdates, Social Security numbers, medical conditions, disability accommodations, individualized education plans (IEPs), disciplinary records, and family income data.

Why it matters: children's most sensitive personal information is now in the hands of threat actors. Millions of minors face lifelong identity theft risk before they are old enough to monitor their own credit, and medical and disability information could be used for discrimination as these students enter the workforce. The breach revealed that a single vendor held extraordinarily sensitive data for one-third of U.S. K-12 students with inadequate security, and the education sector's pattern of centralizing student data in under-secured platforms creates catastrophic single points of failure.

The structural root cause is that school districts are compelled to adopt edtech platforms under tight budgets without the resources to audit vendor security practices, while edtech vendors face no mandatory security certification standards. The retirement of the Student Privacy Pledge in May 2025 confirmed that industry self-regulation has failed.
Evidence
PowerSchool breach (December 2024) exposed 62+ million student records and 10 million teacher records across 16,000 schools. Data included SSNs, medical conditions, IEPs, disciplinary records, and family income data. FTC settled with Illuminate Education (late 2025) for security failures exposing 10 million student records. The Student Privacy Pledge was retired in May 2025, acknowledging self-regulation's failure. FTC updated COPPA rules (April 2025) to restrict long-term student data retention. A class action lawsuit was filed March 27, 2025 against Instructure (Canvas parent company) for collecting student names, genders, grades, messages, and search activity. GoGuardian and Gaggle surveillance tools monitor students' web searches, screen content, and emotional cues. Sources: ListEdTech, TechPolicy.Press, EFF, EWA, FTC.