PowerSchool, a leading U.S.-based edtech company, has confirmed that 16,000 students in the United Kingdom had their personal and sensitive data stolen during a data breach in December 2024.
The company began notifying individuals outside of the U.S. and Canada about the breach this week.
The breach, which was first acknowledged by PowerSchool in January, involved hackers gaining access to millions of students’ and teachers’ data by exploiting compromised credentials to access the company’s customer support portal. While PowerSchool has not disclosed the exact number of international students affected, a company spokesperson confirmed that four schools in the UK were impacted, and approximately 16,000 students’ data was compromised.
The stolen data includes students’ contact details, birth dates, some medical information, and other related data. PowerSchool clarified that the type of data stolen varied across its customer base. However, the company has not named the UK schools involved.
Although PowerSchool’s incident page was offline at the time of publication, it was noted that the company would not offer credit monitoring services to those affected outside of the U.S. and Canada. Additionally, the U.K.’s Information Commissioner’s Office (ICO) had not received an official breach report from PowerSchool. The company explained that it did not file a report with the ICO because, under U.K. data protection law, PowerSchool does not act as a data controller—meaning it doesn’t determine how personal data is processed.
The breach has affected over 62 million students and 9.5 million teachers globally, though PowerSchool has not confirmed these figures. The company’s technology is reportedly used by over 60 million students, but it has yet to verify whether this number aligns with the scope of the breach.
