Canadian School Systems Faulted in PowerSchool Data Breach
Canadian privacy regulators released investigative reports attributing significant responsibility for the PowerSchool data breach to the school systems that used the platform. The breach, which occurred in December, exposed personal information of over 62 million students and 9 million teachers, with data in some cases dating back to 1985. The reports highlighted that the affected schools failed to include adequate privacy and security provisions in their contracts with PowerSchool, did not effectively monitor the company's security safeguards, and lacked proper breach response protocols. Additionally, the lack of multifactor authentication and insufficient limitations on remote access for PowerSchool support personnel were cited as key security lapses.
The Ontario and Alberta information and privacy commissioners recommended that schools renegotiate contracts to strengthen privacy and security requirements, implement better oversight of third-party vendors, and establish more robust breach response plans. The incident underscores the importance of comprehensive vendor management and the need for educational institutions to enforce standard security practices, such as multifactor authentication, to protect sensitive student and staff data.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Canadian privacy regulators release findings on PowerSchool breach
Privacy commissioners in Ontario and Alberta issued coordinated findings in November 2025 concluding that Canadian school boards shared responsibility for the PowerSchool breach alongside the vendor. The reports cited weak contracts, poor oversight of vendor access, lack of MFA for support sessions, and inadequate breach-response planning.
Matthew Lane pleads guilty in extortion conspiracy case
A 19-year-old Massachusetts student, Matthew Lane, pleaded guilty in May 2025 to conspiring to extort a school software supplier. A source indicated the targeted company was PowerSchool.
PowerSchool reportedly pays ransom after the intrusion
After the December 2024 breach, PowerSchool reportedly paid a ransom and said the stolen data had been deleted. Later extortion attempts against individual districts suggested the data may not actually have been wiped.
PowerSchool breach exposes student and staff data
In December 2024, attackers used compromised credentials to access PowerSchool data, exfiltrating entire database tables. The breach affected about 3.86 million people in Ontario and more than 700,000 in Alberta, exposing personal, educational, and in some cases medical information.
Unauthorized access to PowerSchool systems goes undetected
Investigators found earlier unauthorized access to PowerSchool systems between August and September 2024. The activity was not detected at the time because of the company's short log-retention window.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Education boards left gates wide open for PowerSchool mega-breach, say watchdogs
go.theregister.com
Open sourceReport released on PowerSchool cyber attack
databreaches.net
Open sourceCanadian privacy regulators say schools share blame for PowerSchool hack
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
PowerSchool SIS Breach Exposed Student and Staff Data
PowerSchool disclosed a security incident affecting its Student Information System (SIS), a platform widely used by K-12 school districts to manage student records, enrollment, attendance, grades, and related administrative data. Reporting on the breach indicates attackers accessed sensitive information stored in SIS environments, with exposed data potentially including student and staff names, contact details, dates of birth, Social Security numbers, medical information, and other school records, depending on the district. The incident raised broad concern across the education sector because a compromise of a centralized SIS provider can affect many districts at once and expose minors' data alongside employee information. Public coverage and PowerSchool's incident communications indicate the company moved to investigate and notify affected customers, while schools and families were urged to review breach notices, monitor for identity theft, and assess the long-term privacy impact of the exposure of highly sensitive educational records.
May 2, 2026
PowerSchool Breach Exposed Student and Teacher Data as Minnesota District Faced Suspected Ransomware
A breach tied to **PowerSchool**, a widely used K-12 software provider, exposed student and teacher information from school districts across the U.S., including New Jersey districts where officials said data on students and educators was stolen in a nationwide cyberattack. Reporting on the incident said the compromise affected records held by schools using the platform, raising concerns about the scale of exposure across the education sector and the security of sensitive K-12 data. Separately, **Spring Lake Park Schools** in Minnesota canceled classes and shut down technology systems after an outside actor gained unauthorized access to district networks in what officials described as a suspected ransomware incident. The disruption affected classes, child care, community education, and after-school programs, while the district worked with third-party cybersecurity experts, state law enforcement, and the **FBI** to contain the intrusion and restore operations; officials later said classes would resume and that they had no evidence at that point that personal information had been affected.
May 25, 2026
French Education Breaches Expose Data on 1.7 Million People
French education authorities disclosed two significant breaches affecting both public and Catholic school administration systems. The Ministry of National Education said its `Compass` platform, used to manage trainee teachers in primary and secondary education, was compromised after a user reportedly opened a fraudulent email attachment and had credentials stolen. The incident exposed data on about **243,000 people**, including identity and contact details, absence periods, and the identities and professional phone numbers of tutors, though the ministry said no health data was involved. ANSSI was brought in, a crisis cell was opened, and the ministry announced a security plan centered on **multi-factor authentication**, stronger data segmentation, and reduced application exposure. Separately, the Secrétariat général de l’enseignement catholique reported a cyberattack on its management application for nursery and elementary schools that affected about **1.5 million people**. Unauthorized access exposed identification data for application users and contact information for students, families, and teachers, including names, postal and email addresses, phone numbers, and dates of birth, increasing the risk of phishing. The organization said it secured access, suspended affected services, notified authorities including the French Ministry of Education, and engaged specialist responders, while a forum user calling themselves **"Ryolait"** allegedly offered the stolen database for sale starting at **$2,000**. The incidents add to mounting concern over weak security in the education sector, which ANSSI has described as a frequent target of opportunistic attacks.
Mar 26, 2026