STAY CONNECTED: Have the stories that matter most delivered every night to your email inbox. Subscribe to our daily local news wrap.
ID 18876548 © Filmfoto | Dreamstime.com
By Tanner Smith
GPPSD, PWPSD & GPCSD

Canada-wide school data breach affecting local divisions

Jan 9, 2025 | 12:20 PM

A PowerSchool “cyber security” incident was reported by school divisions across the country today. (Thursday, January 9)

The Grande Prairie Public School Division, the Peace Wapiti Public School Division and the Grande Prairie and District Catholic School Division have all put out a release saying they are working with PowerSchool to determine the scope of the incident.

All three districts said PowerSchool had informed them that this incident has been contained. The divisions also wanted to ensure parents that “no financial information was accessed or stored on PowerSchool.”

In a letter to parents and guardians of PWPSD students, it was revealed that this breach was first identified by PowerSchool on December 28, 2024. PWPSD was then notified about the incident on Tuesday, January 7.

At this time, the exact number of divisions affected by this breach is unknown, but multiple school divisions down south have reported the same incident, including Red Deer, Medicine Hat and Ponoka.

Meaningful Mementos
Remembering Someone You've Lost at Christmas
Dec 03, 2024
Seasonal Sorrow
How Do You Get Through The Holidays When You're Grieving?
Nov 01, 2024
Upcoming Events at Oliver's
Grief & Loss and Estate Planning Seminars
Oct 02, 2024

PowerSchool has also released a statement regarding the data breach:

Dear Valued Customer,
As the Technical Contact for your district or school, we are reaching out to inform you that on December 28, 2024, PowerSchool become aware of a potential cybersecurity incident involving unauthorized access to certain information through one of our community-focused customer support portals, PowerSource. Over the succeeding days, our investigation determined that an unauthorized party gained access to certain PowerSchool Student Information System (“SIS”) customer data using a compromised credential, and we regret to inform you that your data was accessed.
Please review the following information and be sure to share this with relevant security individuals at your organization.
As soon as we learned of the potential incident, we immediately engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts. We have also informed law enforcement.
We can confirm that the information accessed belongs to certain SIS customers and relates to families and educators, including those from your organization. The unauthorized access point was isolated to our PowerSource portal. As the PowerSource portal only permits access to the SIS database, we can confirm no other PowerSchool products were affected as a result of this incident.
Importantly, the incident is contained, and we have no evidence of malware or continued unauthorized activity in the PowerSchool environment. PowerSchool is not experiencing, nor expects to experience, any operational disruption and continues to provide services as normal to our customers.
Rest assured, we have taken all appropriate steps to prevent the data involved from further unauthorized access or misuse. We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination.
We have also deactivated the compromised credential and restricted all access to the affected portal. Lastly, we have conducted a full password reset and further tightened password and access control for all PowerSource customer support portal accounts.
PowerSchool is committed to working diligently with customers to communicate with your educators, families, and other stakeholders. We are equipped to conduct a thorough notification process to all impacted individuals. Over the coming weeks, we ask for your patience and collaboration as we work through the details of this notification process.
We have taken all appropriate steps to further prevent the exposure of information affected by this incident. While we are unaware of and do not expect any actual or attempted misuse of personal information or any financial harm to impacted individuals as a result of this incident, PowerSchool will be providing credit monitoring to affected adults and identity protection services to affected minors in accordance with regulatory and contractual obligations. The particular information compromised will vary by impacted customer. We anticipate that only a subset of impacted customers will have notification obligations.
We are addressing the situation in an organized and thorough manner, and we are committed to providing affected customers with the resources and support they may need as we work through this together.
Thank you for your continued support and partnership.
Sincerely,
Hardeep Gulati
Chief Executive Officer
Paul Brook
Chief Customer Officer
cc: Mishka McCowan
Chief Information Security Officer

PowerSchool Statement

by Tanner Smith

Pro Tips

Meaningful Mementos
Remembering Someone You've Lost at Christmas
Dec 03, 2024
Seasonal Sorrow
How Do You Get Through The Holidays When You're Grieving?
Nov 01, 2024
Upcoming Events at Oliver's
Grief & Loss and Estate Planning Seminars
Oct 02, 2024