U.S. edtech giant PowerSchool has confirmed that a data breach in December 2024 compromised the personal and sensitive information of 16,000 students in the United Kingdom. The company began notifying affected individuals outside of the U.S. and Canada this week, following initial reports in January.
Beth Keebler, a spokesperson for PowerSchool, stated that the breach involved hackers accessing the customer support portal using compromised credentials, affecting four schools in the U.K. The stolen data includes students’ contact information, dates of birth, and limited medical details.
Despite the breach impacting millions, PowerSchool has not disclosed how many international students were affected. The company has also not filed a data breach report with the U.K.’s Information Commissioner’s Office (ICO), arguing that it does not act as a data controller under U.K. law.
PowerSchool has yet to confirm the total number of individuals impacted, but the breach reportedly affected over 62 million students and 9.5 million teachers globally. The company declined to offer credit monitoring services to victims outside of the U.S. and Canada.
