Ohio students’ data compromised in global breach

By Aliah Keller Ohio

PUBLISHED 5:30 PM ET Jan. 10, 2025 PUBLISHED 5:30 PM EST Jan. 10, 2025

COLUMBUS, Ohio — Many students and staff in Ohio are now bracing for the consequences of a global breach after a company called ‘PowerSchool’ that provides a software platform to thousands of school districts around the world says its data has been hacked.

What You Need To Know

Many students and staff in Ohio have been affected by a global breach after a company called ‘PowerSchool’ says its data has been hacked

‘PowerSchool’ provides a software platform to thousands of school districts around the world

Letters have been sent out to parents in several school districts across the state

According to the company’s website, over 60 million students around the world use the software platform for class assignments and attendance, including many in Ohio.

Letters have been sent out to parents in several school districts across the state, saying that they were affected by a data breach against the company ‘PowerSchool.’

Westerville and Upper Arlington in central Ohio and Shaker Heights, North Olmsted and Elyria in northeast Ohio are just a few of the schools affected.

Cybersecurity expert Dan Maldet, owner of the Columbus tech firm CMIT Solutions, said names, addresses, grades, as well as health and medical records may have been taken.

While letters sent out to parents indicated the breach has been contained and that accessed information has been deleted and should not be shared publicly, Maldet said parents should have some reservations.

“I don’t think that just because they said that we should place much trust in that that data is actually deleted,” he said. “I think the reality is we should still think that there’s a possibility that that data could get released or sold or get in the wrong hands.”

While the full scope of the breach remains unclear, Maldet gives some advice to parents.

“The best thing they (parents) can do is if there were credentials that students had or other people had that could have been in that data, that they can change, they can monitor their credit if that’s the case,” he said.

Maldet said it’s important schools learn from their mistakes, so incidents like this don’t happen again.

“What we really need to learn is how we protect that data,” he explained. “It seems like there were some improvements that they could have done to protect it better. And so, you know, take certain protocols like multi-factor authentication. If an attacker is able to get a username and password and access a portal and collect information, having MFA would make that much more difficult, and it doesn’t appear that that was in place here.”