What to Do After a Vendor Data Breach: A Guide for Schools

If you have not heard the news by now, PowerSchool, the most implemented student information system for schools in North America, confirmed a major data breach in the last week of December 2024. According to their statement, personal information such as names, addresses, and Social Security numbers was stolen by "unauthorized actors” for a subset of their users. PowerSchool has not published those affected but is notifying schools impacted by the breach. If you’re reading this, you may have been one of the several school districts across the country impacted by the breach. And if so, you may be wondering, “what can we do about it?”

Well, in this article, we’d like to give you some practical steps to take after an education technology vendor experiences a data breach like this, and some of the downstream risks to watch out for in the future.

But first, we’d like to acknowledge PowerSchool’s quick response on the matter. As soon as PowerSchool confirmed the breach, they immediately followed their cybersecurity response procedures to gain further insight into what happened. This is why it is so important when performing third-party risk assessments to ensure your vendors have an incident response plan in the unlikely event that they will need it.

Change your locks, change your keys

Threat actors have various motivations for breaking into organizations. Sometimes it can be to ransom data for money, and other times it is to gain access to further targets to focus on. When a breach like this occurs, always ensure that you change all credentials you have with the vendor and enable multi-factor authentication (MFA) wherever possible. Those accounts should be considered compromised and reset out of precaution.

Follow good credential management hygiene

Ideally, you should not be using the same password for multiple accounts, but this does happen. In that case, you should also reset those credentials as well if they are related. In data breaches, malicious actors will often collect compromised credentials and test to see if they are used in any other systems. In this case, PowerSchool stated that the breach was caused by “using a compromised credential” to gain access to the student information system.

We recommend using a password manager, such as 1Password or Bitwarden, to store and share all of your credentials. These are designed to be secure vaults to store your passwords so that you do not set them to something easy to memorize or write them down insecurely. Let us know if you are interested but need help setting up one of these systems.

Notify your students and parents

If you have not done so already, you should notify your students and parents of the breach and whether or not it affects them. If their first time hearing of the incident was from social media or news sites, they will wonder if this affects them. An official statement can go a long way in giving them peace of mind.

Given that in some cases the information accessed included social security numbers, parents should be on the lookout for signs of credit misuse. If PowerSchool decides to provide credit and identity monitoring services, then make sure parents are given the resources on how to access those services. Otherwise, families may want to consider performing a credit freeze to restrict access to their credit reports, which would restrict someone from opening unauthorized lines of credit in their name.

Data breaches are rarely one-and-done

Data breaches can create ongoing risks that require active monitoring. Malicious actors can use compromised information for months or even years after an initial breach. PowerSchool has stated they “do not anticipate the data being shared or made public,” and “believe it has been deleted without any further replication or dissemination,". However, it is common for attackers to use compromised information for months or years after an initial breach. For this reason, continue to watch for unusual activity especially in the first few months. It may also be worth planning ahead by reviewing your own incident response plan and emergency response budget, just in case.

Our School Harbor Cybersecurity Team provides tailored solutions to help you implement practical security measures that safeguard sensitive data while maintaining cost and efficiency. Schedule a call with us today to learn how we can enhance your school's security.