The PowerSchool Data Breach is Bad. Very Bad.
#INVESTIGATION | Have you heard about the latest data breach? Maybe not, the comms have been weak, but it's terrible and we need to start paying attention. The PowerSchool story...
PowerSchool is a platform working with 18,000 customers in 90 countries and, by extension, used by 60 million students. The platform is the largest provider of cloud-based education software solutions in the United States. More than 75% of students in North America use the platform to manage attendance, grades, forms management, and more. Maybe you have heard of the platform, most of us hadn’t, but in December 2024, hackers accessed “sensitive information” including social security numbers, medical information, and other personally identifiable details. PowerSchool paid the ransom and then started sending tepid letters to partner schools.
The Bigger the Breach, the Slower the News Coverage
Media coverage of the breach has slowly dripped out in fits and starts, primarily from local media outlets whose school districts have confirmed their families have been impacted. But with the exception of TechCrunch, there has been little national or in-depth coverage. And yet, initial details suggest this breach is on track to be the largest and most damaging to the US education sector ever.
The Wrong Kind of Trend
If it seems like breaches are occurring on a more regular basis, you would be right. And the advent of AI innovation makes it much worse. First, because AI makes criminal use of the data easier, and second, because data is at such a premium, making it an increasingly valuable asset to sell.
Since 2005, K–12 school districts and colleges/universities across the US have experienced 3,713 data breaches, affecting more than 37.6 million records. -Comparitech, May 2024
So, it goes without saying that we need to pay attention, ask for accountability from vendors and from the school districts that use tech platforms, protect our families’ data, know what to do in a breach, and teach kids data privacy best practices going forward.
What to Do
First, don't panic. We all panic, it's natural. But by putting one step in front of the other, you'll regain control and be prepared for future breaches. While it might seem logical to first ask your child if they use PowerSchool and contact your school to confirm if they've received communication from PowerSchool, these steps should actually be taken regardless.
1. Protect your credit.
Unfortunately many of us have already had our social security numbers stolen as part of the NPD breach. It’s worth doing a quick check to see if you were involved. More details on how here »
If you do believe that your social security number was breached, consider freezing your credit. This is actually worth doing even if you are not concerned about a breach. It only takes one click to turn the credit check functionality to "off" (or "freeze"), and it's equally easy to reenable it. You can also do this for kids with social security numbers. Just visit each of the credit bureaus, set up an account, and turn each off.
2. Sign up for ssa.gov.
Even if you've frozen your credit bureau accounts, you still want to make sure to watch for any misuse of your social security number. You can set up an account on the Social Security Administration's website and periodically check your statements for anything that looks amiss.
3. Change all of your passwords.
If you don't already use a password management tool, you should. Even if you know this, have been told many times, and seem to never do it: now is the time. It might take a bit of work to get everything set up, but it will be worth it. You can easily generate strong passwords and store them in one place. What criminals are looking for are more pieces of your own personal puzzle. If they have some of the pieces, they begin to look for more.
4. Clean house and get control.
Remnants of data just make anything stolen stronger. Remove unused apps, close accounts you don’t need, etc. Unsubscribing is not enough either; you need to email each website and ask for your account to be closed and your personal information removed. Consumer Reports’ Permission Slip has an app that can help you do this more efficiently. Also great is EasyOptOuts. For $19.99 this service goes out quarterly and works to get you off of data broker lists. Finally, Google has a new feature called “Results About You” which will alert you to data that you might want to remove (sometimes it’s info that can’t be removed, such as property tax detail, but Google will let you know if it’s not deletable).
5. Get involved.
Schools are as overwhelmed as parents and doing their best to navigate this new terrain, so we need to help them. Parents need to teach their children what it means to protect their privacy. We need to hold schools accountable for ensuring platforms used in the classroom comply with state laws. We need to bring these issues up at school board meetings and with the PTA. This is a battle that will only intensify, but we can do it together.
Want to talk about New York City students and schools? Contact Danyela.