PS Logo.png

PowerSchool Data Breach Information

  • January 30, 2025

    Dear Cass School District 63 Parents,

    In the January 9 Connections, I shared that PowerSchool had a data breach that potentially compromised personal student information. Of course, we find this completely unacceptable, but I wanted to do our very best to keep you informed regarding everything that we know as this has developed.

    In case you missed previous communications, this was a nationwide breach and we were informed that the actor was identified, and PowerSchool assured us that the incident is contained. They also stated that there is no evidence of malware or continued unauthorized activity. PowerSchool also said they do not anticipate the data being shared or made public, and they believe it has been deleted without any further replication or dissemination.

    As a school district, we put together this PowerSchool Data Breach Information page so we can update information as we learn more. It also includes some FAQs of what we understand, as well as any recent communications from PowerSchool at the bottom of the page. 

    On January 29, we received an update from PowerSchool, which is included at the bottom of our information page. The communication states in part that PowerSchool has “initiated the process of notifying involved individuals about the resources now available to them. As part of this process, we have posted a notice to our website. Credit monitoring and identity protection services are now activated and available.”

    According to PowerSchool, a direct email notification will be distributed by Experian on behalf of PowerSchool in the coming weeks “to applicable current and former students (or their parents / guardians as applicable) and educators for whom we have sufficient contact information.”

    It is good to know that they will be attempting to contact impacted families directly. We will continue to share any updates as they become available. Please feel free to reach out with any questions, and thank you for your patience as we continue to learn all that we can.

    Mark R. Cross, Superintendent

    What Happened?
    In December 2024, a PowerSchool employee’s credentials were compromised, allowing unauthorized access to data stored in their global Student Information System (SIS). This breach impacted districts across the nation and internationally. PowerSchool became aware of the breach on December 28, 2024, and took immediate action, including notifying law enforcement, securing their systems, and engaging cybersecurity experts to investigate and respond. School districts were notified of the breach by PowerSchool on January 7, 2025. Here is a recent Newsweek article regarding the incident.

    What Data Was Accessed?
    PowerSchool has indicated that the data accessed may include: names, addresses, and phone numbers, as well as student health and grade information. They have indicated that no passwords, Social Security numbers, financial information, or photographs were included in the breach.

    What Do We Know Now?
    PowerSchool has assured us of the following:

    • The incident has been contained, and there is no evidence of malware or ongoing unauthorized activity.
    • The accessed data has been deleted without replication or dissemination. PowerSchool is actively monitoring the dark web to ensure the data is not shared or misused.
    • There is no anticipated operational disruption to their services.

    What Is PowerSchool Doing?
    PowerSchool has taken action to address the breach, including:

    • Engaging third-party cybersecurity experts and law enforcement to assist in their investigation.
    • Deactivating the compromised credentials and restricting access to the affected portal.
    • Implementing a complete password reset and enhanced access controls to prevent future incidents.

    What Happens Next?
    As a school district, we will continue to monitor updates from PowerSchool and share information here as it becomes available. While PowerSchool is fully responsible for this incident, Cass School District 63 is fully committed to protecting the privacy and security of our students, families, and our staff.

    What Communication Did PowerSchool Provide?
    Following are communications that was received from PowerSchool:

    January 29, 2025

    Dear Valued Customers,

    We sincerely appreciate your continued support as we respond to our recent cybersecurity incident. Since our last update, we have initiated the process of notifying involved individuals about the resources now available to them. As part of this process, we have posted a notice to our website. Credit monitoring and identity protection services are now activated and available.

    In the coming weeks, Experian (on behalf of PowerSchool) will also be distributing direct email notifications to involved individuals for whom we have sufficient contact information. This email notice will include further information about the information of theirs involved and the resources PowerSchool is offering. Additionally, we have coordinated with Experian to set up a call center for your families and educators in case they have questions about these offerings.

    As a reminder, PowerSchool is offering two years of complimentary identity protection services for all current and former students and educators whose information was determined to be involved. We are also offering two years of complimentary credit monitoring services for all adult students and educators whose information was determined to be involved. We are doing this regardless of whether an individual’s Social Security Number was exfiltrated.

    We care deeply about keeping the students, families, and educators we support informed of this process. Please refer inquiring community members to the PowerSchool website for the latest information on the cybersecurity incident. To further support our districts and schools, PowerSchool has prepared template communications for your adapted use in conversation with families and educators as you see fit. The emails included below this message provide an update to both groups regarding the notification process and services PowerSchool is offering to involved individuals.

    Thank you for your partnership in supporting this process and the trust you have placed in our response. We acknowledge the significance of this incident and are committed to emerging from it stronger and better equipped to serve you and the communities we share.

    Sincerely,

    Hardeep Gulati

    Chief Executive Officer, PowerSchool

    January 7, 2025

    Dear Valued Customer,

    As a main point of contact for your school district, we are reaching out to make you aware that on December 28, 2024 PowerSchool became aware of a potential cybersecurity incident involving unauthorized access to certain information through one of our community-focused customer support portals, PowerSource. Your organization’s Technical Contact was informed of this incident earlier today. Over the succeeding days, our investigation determined that an unauthorized party gained access to certain PowerSchool SIS customer data using a compromised credential.

    However, our thorough forensic investigation has confirmed that information related to other PowerSchool products you have were not affected as a result of this incident. Please note there is no further action needed from you at this time relative to your non-PowerSchool SIS products, and we are simply notifying you to be as transparent as possible and because we value our partnership with you. We have already notified technical contacts responsible for PowerSchool SIS in your organization.

    As soon as we learned of the incident, we immediately engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts. We have also informed law enforcement.

    We have also deactivated the compromised credential and restricted all access to the affected portal. Lastly, we have conducted a full password reset and further tightened password and access control for all PowerSource customer support portal accounts.

    Importantly, the incident is contained, and we have no evidence of malware of continued unauthorized activity in the PowerSchool environment. PowerSchool is not experiencing, nor expects to experience any operational disruption and continues to provide services as normal to our customers.

    We are addressing the situation in an organized and thorough manner, following all of our incident response protocols. PowerSchool is committed to providing affected customers with the resources and support they may need as we work through this together.

    Again, although your product was not impacted, we wanted to assure you that we are addressing the situation in an organized and thorough manner following all of our incident response protocols. Should you have any questions, please do not hesitate to contact your customer service manager. Thank you for your continued support and partnership.

    Best,
    Hardeep Gulati
    Chief Executive Officer

    Paul Brook
    Chief Customer Officer

    cc: Mishka McCowan
    Chief Information Security Officer