PowerSchool Cybersecurity Breach Affects Indiana Schools

A cybersecurity breach has affected Indiana schools, exposing personal and private information about schoolchildren and teachers.

The breached software, PowerSchool, serves thousands of school districts across the United States and Canada. According to a spokesman for the North Carolina Department of Public Instruction, PowerSchool informed it of the breach on December 19 after discovering the issue on December 28.

Brownsburg Schools, Indianapolis Public Schools, and Noblesville Schools are among those affected by the breach. The compromised data could include students' names, Social Security numbers, dates of birth, and contact information.

PowerSchool's website touts endorsements from Career Academy South Bend, Hamilton Southeastern Schools' Riverside Intermediate School in Fishers, and others. A district data coordinator at Career Academy South Bend said that PowerSchool has helped their school to navigate grades, missing assignments, and teacher notes for parents.

Cybersecurity experts recommend parents secure their children's credit reports by requesting security freezes from each of the three national credit bureaus and change their passwords to PowerSchool. Some districts have shared similar messages with parents through other software they use.

Indianapolis Public Schools' message to families and staff said, "Unfortunately, some of our IPS student and employee data was compromised as part of this breach." 

“We have been notified that our student data software vendor PowerSchool has experienced a widespread cybersecurity data breach. Unfortunately, some of our IPS student and employee data was compromised as part of this breach. 

“PowerSchool serves thousands of school districts across the United States and Canada, and many have been impacted. This unauthorized access was not unique to Indianapolis and could not have been prevented locally. 

“We take the security of our student and staff data very seriously and upon learning of the PowerSchool incident, our Technology Department immediately began an internal investigation. We have been able to determine that the following data was compromised: 

• Student directory information (for example, address, phone number).
• Student demographic information (for example, date of birth, grade in school, grade point average).
• Student medical alert information (for example, asthma, diabetes).
• Parent/guardian directory information (for example, address, phone).

“Some employee data was also included in the breach. 

• Employees who have PowerSchool accounts (typically teachers and administrators) had directory information and the last four digits of their social security numbers compromised. 

“We are also working with our Indiana agencies and law enforcement partners to ensure ongoing safety of Indianapolis Public Schools data. Having said that, we still recommend you review these Best Practices Following a Data Breach. 

“Our IPS Technology Department will have additional conversations with PowerSchool about this breach and will share any additional details as they become available. We also anticipate PowerSchool will be providing impacted individuals with resources for additional information, which we will also share when available.”

Message sent Jan. 9, 2025, to families and staff of Indianapolis Public Schools