(NewsNation) — A leading education technology firm was the target of a data security breach last month, potentially exposing millions of students and teachers' sensitive data including Social Security numbers and medical information.

PowerSchool, the largest provider of cloud-based education software for K-12 education in the country, notified schools about the incident earlier this month, but the full scale of the cyberattack is still coming into view.

A new report from BleepingComputer, a cybersecurity news outlet, said the data breach impacted more than 62 million students and over 9.5 million teachers across 6,500 school districts.

Those numbers reportedly come from an extortion demand the hacker sent to the company.

A spokesperson for PowerSchool would not confirm or deny the figures in an email to NewsNation, but the company's website says it supports more than 60 million students globally.

Here's what we know about the PowerSchool data breach and what information was exposed.

What happened?

PowerSchool said it first became aware of the breach Dec. 28 after customer data from its PowerSchool Student Information System (SIS) was stolen through its PowerSource support portal.

PowerSchool SIS is a student information system that schools and districts use to manage grades, track attendance, enrollment and other student records.

Hackers accessed the portal using compromised credentials and stole the data using an "export data manager," BleepingComputer reported.