PowerSchool Cybersecurity Incident
Update #2 - 1/24/2025
As we previously communicated, PowerSchool experienced a cybersecurity incident involving unauthorized access to certain information in their PowerSchool Student Information System (SIS) product.
We are sharing more information and next steps that was recently received directly from PowerSchool:
• Identity Protection and Credit Monitoring Services: PowerSchool has engaged Experian, a trusted credit reporting agency, to offer two years of complimentary identity protection services for ALL students and educators whose information from our PowerSchool SIS was involved. This offer will also include two years of complimentary credit monitoring services for ALL adult students and educators whose information was involved.
• Notification to Individuals Involved: Starting in the next few weeks, in collaboration with Experian, PowerSchool will provide notice to students (or their parents / guardians if the student is under 18) and educators whose information was involved, as well as a phone number to answer any questions you may have about the incident. The notice will include the identity protection and credit monitoring services offered (as applicable).
We encourage you to visit https://www.powerschool.com/security/sis-incident/ for the most up-to-date information on the cybersecurity incident. We care deeply about the welfare of our families and will continue to do everything we can to support you. Thank you for the important role you play in our community and your shared commitment to putting our students first.
Update #1 - 1/9/2025
Click the file below for important information regarding PowerSchool Cyber Security Incident
PowerSchool Cybersecurity Incident FAQ
What happened?
According to PowerSchool, someone used a compromised PowerSchool credential to access data stored in the global Student Information System (SIS). When PowerSchool became aware of the incident on December 28, 2024, they notified law enforcement, locked down the system and engaged the services of CrowdStrike (a cybersecurity company that develops software to help companies detect and prevent cyberattacks) and Cyber Steward (a professional advisor with experience in negotiating with threat actors).
This was a targeted attack on PowerSchool and not any school district in particular. At this time we feel confident that all RSD systems are secure and operating normally.
What data was accessed?
Initial information from PowerSchool indicates that Personally Identifiable Information (PII) for staff and students may have been accessed for some districts. At this time, we are still evaluating the specific data that may have been accessed or exported. Once PowerSchool lets us know what information may have been accessed, we will work with PowerSchool to ensure that any impacted individuals are notified and that appropriate next steps are taken.
Initial information from PowerSchool indicates that Personally Identifiable Information (PII) for staff and students may have been accessed for some districts. At this time, we are still evaluating the specific data that may have been accessed or exported. Once PowerSchool lets us know what information may have been accessed, we will work with PowerSchool to ensure that any impacted individuals are notified and that appropriate next steps are taken.
What happens next?
PowerSchool has stated, “While we are unaware of and do not expect any actual or attempted misuse of personal information or any financial harm to impacted individuals as a result of this incident, PowerSchool will be providing credit monitoring to affected adults and identity protection services to affected minors in accordance with regulatory and contractual obligations.”
PowerSchool has stated, “While we are unaware of and do not expect any actual or attempted misuse of personal information or any financial harm to impacted individuals as a result of this incident, PowerSchool will be providing credit monitoring to affected adults and identity protection services to affected minors in accordance with regulatory and contractual obligations.”
In the coming days, PowerSchool will be providing RSD with a communications package to support us in engaging with families, teachers, and other stakeholders about this incident.
Is it still safe to continue using my PowerSchool Account?
Yes, it is safe to continue using your PowerSchool account. According to PowerSchool, “the incident is contained and we have no evidence of malware or continued unauthorized activity in the PowerSchool environment. PowerSchool is not experiencing any operational disruption, nor expects to experience any operation disruption and continues to provide services as normal to our customers.”