A cyberattack on a third-party software platform used by school districts across Wisconsin resulted in the unauthorized access of student and staff information.
California-based PowerSchool, the leading provider of cloud-based K-12 software in North America, informed school districts on Tuesday that an unauthorized user gained access to customer data from its student information system.
In a letter to customers, the company said it detected the breach on Dec. 28 and conducted an investigation in the following days. PowerSchool says it has contacted law enforcement and the incident is “contained.”
Stay informed on the latest news
Sign up for WPR’s email newsletter.
“We have taken all appropriate steps to prevent the data involved from further unauthorized access or misuse,” PowerSchool officials said in the letter to customers. “We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination.”
The breach has affected school districts in Wisconsin and other states, like Indiana, Louisiana, Alabama and North Carolina.
It’s unclear how many Wisconsin school districts use PowerSchool’s Student Information System. In an email, a PowerSchool spokesperson declined to provide specific data.
They said the company is still working through a “detailed data review,” and its priority is providing all necessary details to customers as soon as possible.
“PowerSchool is committed to protecting the security and integrity of our applications,” the spokesperson said. “We take our responsibility to protect student data privacy and act responsibly as data processors extremely seriously.”
Although the data breach was not a ransomware attack, PowerSchool did pay a ransom to ensure information was not released, according to letters to families from two northeast Wisconsin school districts.
In a webinar with school districts Thursday, Mishka McCowan, chief information security officer for PowerSchool, said the root cause of the data breach was “compromised” login credentials.
“These credentials were on the dark web — we’re still investigating how they got there,” he said. “Then the attacker found them, used them and that’s how we got to where we are now.”
PowerSchool says it deactivated the compromised credential, restricted access to the affected online portal and conducted a full password reset.
The state Department of Public Instruction said in a statement that the data breach occurred “outside the control” of local school districts. The agency has been briefed by PowerSchool and believes the breach has been contained.
“The full scope of the incident and its potential impacts are still under evaluation by PowerSchool,” the statement from DPI said. “Due to a lack of dedicated funding, school districts remain particularly vulnerable to cybersecurity threats.”
The department says it will continue communicating with PowerSchool and local districts to assess the full impact and determine next steps.
Wisconsin districts using PowerSchool weigh in
Some of the school districts that received notifications from PowerSchool regarding the breach include West De Pere, Howard-Suamico, Reedsville, Superior and Verona.
The information taken in the PowerSchool breach nationally included names and addresses of students and staff, as well as Social Security numbers in some cases but not all, according to West De Pere Superintendent Jason Lau.
“The School District of West De Pere does not collect Social Security numbers,” Lau wrote in a letter to the community Wednesday. “Additionally, no financial information was compromised.”
In a letter to families, the Howard-Suamico School District also said it does not collect Social Security numbers, but information affected could include names, demographics, addresses, parent or guardian names, email addresses and phone numbers.
“PowerSchool assured us that it received reasonable assurances from the threat actor that this data was deleted and that no additional copies exist,” the Howard-Suamico letter reads. “No action is required from (district) families at this time.”
Meanwhile, Superior School District Administrator Amy Starzecki said via email her district is waiting for more information from PowerSchool and is “closely monitoring the situation.”
“As we learn more, we will share updates to our school community,” Starzecki said. “It is worth noting that this breach was on PowerSchool’s end and not individual school districts.”
The Verona Area School District said in a statement its technology team has been in communication with PowerSchool’s response team. The Verona school system says PowerSchool is working closely with law enforcement and cybersecurity experts to prevent compromised data from being made public.
“We remain steadfast in our commitment to transparency and the protection of our community’s information,” the Verona Area School District said. “If additional updates become available from PowerSchool, we will ensure our staff and families are promptly informed.”
In a phone interview, Reedsville School District Superintendent Michael Nate said he is confident that financial information for parents in his district was not compromised because they use a different third-party provider for those services.
Nate said demographic information including names or birth dates may have been compromised, but the full extent remains unclear.
“We haven’t really been told whether or not our school district has been (fully) affected,” he said. “I think the blanket email came out to all PowerSchool users, no matter whether or not they were fully affected.”
The PowerSchool attack comes after the state Department of Agriculture, Trade and Consumer Protection recorded 10 data breaches in 2024. A cyberattack on the Missouri-based Ascension health in May was found to have affected 5.6 million patients nationally, including some in Wisconsin.
“Unfortunately, in the day and age we live in, this is a constant battle for us and for every school district,” Nate said. “We’re working on cyber hacks and cybersecurity incidents all the time, and just have to be ultra vigilant when those things are happening.”
Wisconsin Public Radio, © Copyright 2025, Board of Regents of the University of Wisconsin System and Wisconsin Educational Communications Board.
