After the Breach: What Schools Can Learn from the PowerSchool Cyberattack

In December 2024, PowerSchool, a widely used student information system, suffered a significant cybersecurity breach. Hackers gained unauthorized access to the PowerSource customer support portal, exploiting compromised credentials and the absence of multi-factor authentication. This breach exposed personal data of students and staff across numerous school districts in the U.S. and Canada, including names, addresses, Social Security numbers, medical records, and academic information.

In an attempt to mitigate the damage, PowerSchool paid a ransom to the attackers, who provided a video purportedly showing the deletion of the stolen data. However, this assurance proved unreliable. By May 2025, multiple school districts reported receiving new extortion demands from the same threat actors, indicating that the data had not been destroyed as promised.

The Fallout: Schools Under Siege

The breach’s repercussions have been widespread. On Long Island, over 20 school districts experienced cyberattacks, compromising the personal data of more than 10,000 students. Similarly, the Toronto District School Board confirmed receiving extortion communications, with the attackers threatening to release stolen data unless the schools paid additional ransoms.

These incidents have not only jeopardized the privacy of students and staff but have also strained the resources of educational institutions, many of which lack the infrastructure to respond effectively to such threats.

The Imperative: Strengthening Cybersecurity in Education

DynaFile makes it easy to locate any file using cross-reference searching by employee, document type, department, or location. Whether preparing for an audit, updating an employee’s records, or retrieving a signed policy acknowledgment, you can find the right document instantly. The PowerSchool breach is a stark reminder of the critical importance of cybersecurity in educational settings. Schools must adopt comprehensive security strategies to safeguard sensitive information and maintain trust. Key measures include:

• Implementing Multi-Factor Authentication (MFA): Adding an extra layer of security to prevent unauthorized access.
• Regular Security Audits: Conducting periodic assessments to identify and address vulnerabilities.
• Employee Training: Educating staff about phishing scams and safe data handling practices.
• Secure Document Management Systems: Utilizing platforms like DynaFile to effectively manage and protect digital records.

As the best-in-class education document management system, DynaFile is trusted by schools, districts, and institutions to simplify the complex demands of managing employee, faculty, staff, and student files. It provides secure, FERPA-compliant cloud storage for student records, HR files, and administrative documents, all organized through customizable metadata and access permissions. With role-based security controls, audit-ready reporting, and automated file retention policies, DynaFile protects sensitive data and helps schools fully comply with privacy regulations. Seamless integrations with SIS, HRIS, and e-Signature platforms reduce human error and ensure critical records are stored securely.

By adopting a secure document management system like DynaFile, schools can take proactive steps toward better cybersecurity while creating a smoother, more efficient way to handle records behind the scenes.

Final Thought

Cyberattacks like the PowerSchool breach are no longer rare events. For schools, safeguarding sensitive records is not just about IT but about protecting trust. By combining innovative policies with secure platforms like DynaFile, educational institutions can strengthen their defenses, support compliance, and keep student and staff data safe in an increasingly digital world.

Want to learn how DynaFile can help your school secure education records and boost compliance? Schedule a customized demo today!

Education Cybersecurity & Document Management: FAQ