Sensitive data belonging to students and teachers across several K-12 school districts appears to have been stolen in a recent breach of a major education technology provider.

Why it matters: Kids aren't immune to identity theft, and an increasing number of them are encountering identity fraud before turning 18, according to recent surveys.

Driving the news: PowerSchool — an education technology company that works with 75% of all K-12 school districts in the U.S. — has started sending notifications to parents about a recent data breach of their systems.

• Parents across the country started receiving messages from their respective school districts this week about the extent of the breach and what data was likely compromised, according to emails seen by Soixa and local news reports.

• Student ID numbers, birth dates, home address, medical alerts and even free and reduced meal status information was compromised in some districts.

• Social Security numbers appear to have been spared in some districts, according to initial investigations. But other districts' Social Security numbers may have been exposed, according to an internal FAQ seen by BleepingComputer this week.

• A PowerSchool spokesperson said in a statement that the company has mobilized a "cross-functional response team" to respond to the incident and that it is "committed to helping affected customers, families, and educators with resources and support as we work through this together."

Reality check: Once hackers have stolen someone's data, there is little recourse for individuals.

Parents are advised to check if their children already have a credit report and contact the respective credit report firm with findings, per advice from reputable privacy blog DataBreaches.net. (You might have to do this by mail.)

• The Consumer Financial Protection Bureau has resources to help navigate the process.

• Parents can also place a fraud alert on their child's name by contacting each of the three major credit bureaus and informing them that their child may be at risk of identity theft.

• Affected individuals should also reset any passwords that may have been compromised in the breach.

Teachers are also advised to freeze their credit reports now, even if they aren't sure if they were impacted yet.

• Doing so will prevent cybercriminals from being able to open new accounts in their names.

By the numbers: One in 8 U.S. children has experienced a compromise of their identity as part of a data breach in the past six years, according to a report released last month by research firm Javelin.

• One in 43 U.S. children have had their personally identifiable information stolen in a breach in the last year, the report also found.

The big picture: Hacking a school district isn't tough.

• Many districts don't have the budget for major IT upgrades or to hire a robust security team.

• Hybrid learning has also resulted in more districts putting sensitive student information in the hands of third-party edtech providers.

What they're saying; "The incident should serve as a clarion call for school districts to re-evaluate the security practices they have in place for remote vendor access to their systems," Doug Levin, national director of the K-12 Security Information eXchange, told Soixa in an email.

• "At present, the third-party risk management practices of most school systems are immature — and much work is warranted before, during, and after procurement."

What we're watching: Each compromised school district was impacted in different ways, and PowerSchool hasn't said much about how many students' information was compromised.

Go deeper: School cyber teams go back to the drawing board