200 Indiana districts affected by PowerSchool cyberattack

Around 200 Indiana school districts and schools are dealing with the aftermath of a cybersecurity attack on PowerSchool, which affected sensitive data of students and employees statewide.

Discovered in December, the attack resulted in a breach to personal information, including names, addresses, birth dates, and Social Security numbers.

Schools were not widely notified until more than two weeks after the breach occurred. PowerSchool, which supports more than 60 million students and serves over 18,000 customers in more than 90 countries, said it is investigating the incident.

The company said it is coordinating with affected districts and will provide additional information and resources, such as credit monitoring and identity protection services.

PowerSchool recently published information about the breach on its website, including guidance for families and schools.

Indianapolis Public Schools told families in am email that its compromised data included student directory information, demographic details such as grade level and GPA, medical alerts, and parent or guardian contact information. Employee data, including directory information and the last four digits of Social Security numbers for teachers and administrators, was also affected.

“We take the security of our student and staff data very seriously and upon learning of the PowerSchool incident, our Technology Department immediately began an internal investigation,” IPS stated.

IPS recommends that families review best practices following a data breach, such as monitoring financial accounts for unusual or unexpected activity.

The Indiana Department of Education confirmed the number of school districts and schools impacted by the hack. The department urged schools to maintain communication with families and consult with legal counsel and cybersecurity insurance providers.

“As with any data breach, impacted schools are encouraged to provide ongoing communication with parents and families as additional information becomes available,” the department said in a message last week.

Meanwhile, Carmel Clay Schools in Hamilton County confirmed that its systems were not impacted by the breach. 

“Our own internal investigation has also confirmed that none of our school district's data was compromised,” Carmel officials told families.

PowerSchool, in a statement on its website, said it was committed to addressing the breach.

“We are working to complete our investigation of the incident and are coordinating with districts and schools to provide more information and resources (including credit monitoring or identity protection services if applicable) as they become available,” the statement said.

Eric Weddle is WFYI's education team editor. Contact Eric at eweddle@wfyi.org or follow him on X at @ericweddle.