Online student information platform used by Alabama schools hit by global cyberattack

—

January 10, 2025

Several public schools in Alabama suffered a data breach earlier this week after a global cyber attack hit an online student information platform. The portal, known as PowerSchool, was reportedly accessed by an outside source through a compromised credential.

Authorities believe that student grades and medical information may have been accessed. However, PowerSchool does not hold vital personal information like social security numbers.

The Alabama Department of Education released a statement following the cyber attack.

“According to the company, they immediately launched cybersecurity response protocols, including involving law enforcement and third-party experts,” read the statement. “PowerSchool stated that the incident has been contained, with no evidence of malware or ongoing unauthorized activity, and PowerSchool continues normal operations. The compromised credentials were deactivated and the affected portal was secured. This was not a denial-of-service attack. The data accessed primarily included information related to families and educators, such as names and addresses, depending on the school district.”

“PowerSchool will offer credit monitoring and identity protection services to those whose sensitive data was compromised. This may or may not include clients in Alabama because, again, we do not collect or store the most sensitive personal data like Social Security Numbers.”

According to a report from Alabama Daily News, State School Superintendent Dr. Eric Mackey said that even though officials don’t know yet the exact extent of the data that was stolen, individual bank accounts were not accessed.

“Obviously, we’re very concerned about this – concerned about it every day – because there’s just no way to ever completely say all of this data is 100% secure,” Dr. Mackey stated.

ADN also reports that PowerSchool hosts applications to help K-12 schools manage their information systems. The company informed customers in a letter, later published in news reports that the breach was discovered on December 28. The hackers gained access through the company’s PowerSource portal, which hosts information on students and teachers. However, the letter stated that no other PowerSchool products were affected.

PowerSchool is now working in conjunction with the FBI to investigate the cyber attack.

Austen Shipley is the News Director for Yellowhammer News. You can follow him on X @ShipleyAusten