Go back

PowerSchool Cybersecurity Incident Update

Posted on:

Battle River School Division (BRSD) has been informed of a North America-wide cybersecurity incident involving PowerSchool, the system used for student information. We are working with PowerSchool to determine the scope of the incident and any potential impact on our families and staff.

An email was shared with families and staff on January 9, 2025.

We want to assure you that no financial information, student profile pictures or computer passwords were accessed or stored in PowerSchool. PowerSchool confirmed that whatever data the unauthorized user accessed has been deleted and that no copies of that information were shared online.

PowerSchool has assured us that the incident is contained, and they’ve strengthened their security measures to prevent future breaches. PowerSchool’s operations remain unaffected, and service continues as usual.

We understand that news like this can be unsettling, and we want to assure you that we are doing everything possible to address the situation responsibly.

We are sharing the letter sent to us from PowerSchool notifying us of the breach.

—————————————————————————————————————————

UPDATE to PowerSchool Cybersecurity Incident: Jan. 10, 2025

Yesterday, we let you know about the North America-wide cybersecurity incident involving PowerSchool which has impacted BRSD.  

On January 10, 2025, an email update was shared with families and staff to share more details regarding the incident.

PowerSchool has assured us that the incident is contained. 

We thank you for your support throughout as we recognize that this information is concerning. Our priority is to protect the personal information of our students, families, and staff while addressing this incident responsibly and effectively.

Thank you,
Battle River School Division

—————————————————————————————————————————

Frequently Asked Questions (FAQ)

Who is affected?

  • All current 2024-25 school year students and past students from 2020-21 onward.
  • All current BRSD staff and staff who were active users of PowerSchool Student Information System (SIS) and PowerTeacher Pro from 2020-21 onward.

When did we know?

On January 7, 2025, BRSD was informed of a North America-wide cybersecurity incident involving PowerSchool (PS), the system used for student information.

  • PS notification letter (January 7, 2025); initial incident information

What information was accessed?

The breach involved current and past student and staff information stored within the PS SIS and PowerTeacher Pro. 

From the SIS:

  • Student names
  • Student mailing addresses
  • Dates of birth – students only
  • Student home phone numbers
  • Alberta Student Number
  • Student School ID (school ID number)
  • Basic student medical information (in some cases), such as details about asthma, diabetes, or allergies

From PowerTeacher Pro:

  • Staff names
  • Staff mailing addresses
  • Notes in PowerTeacher Pro regarding student discipline
  • Staff School ID
  • Staff Employee ID

Was financial information accessed?

No financial information was accessed or stored in PS.

How is PowerSchool responding to the incident?

PS has assured us that immediate action was taken to stop unauthorized access, and the breach was immediately contained. PowerSchool does not anticipate the data being shared or made public, and they believe it has been deleted without any further replication or dissemination.

Actions Taken by PS:

  • immediately engaged its cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts
  • informed law enforcement and the FBI
  • taken all appropriate steps to prevent data involved from further unauthorized access or misuse 
  • assured us that protecting our students is something they take seriously, that the incident is contained, and that they've strengthened their security measures to prevent future breaches.
  • updated its security measures and will continue to do so
  • will provide updated methods to protect information and resources as they become available (including credit monitoring or identity protection services if applicable
  • issued a public statement and FAQ page for families and educators

How has BRSD responded to the incident?

BRSD has taken immediate and proactive steps in response to the cybersecurity incident involving PS.

Actions taken by BRSD:

  • staff worked with and have been in ongoing communication with PS to gather detailed information about the breach and potential impact on our systems
  • technology team connected and continues to connect with other affected school divisions to share insights and strategies to better understand the situation and minimize potential risks
  • technology team and SIS coordinator conducted thorough review to determine what information was accessed
  • promptly informed BRSD staff and families and followed up with an update the following day
  • providing communication using transparency (website, direct email to families); keeping affected individuals updated
  • committed to continuing with investigation; providing additional updates as new information becomes available

We thank you for your support throughout as we recognize that this information is concerning. Our priority is to protect the personal information of our students, families, and staff while addressing this incident responsibly and effectively.

Media Release: BRSD Reflects on First Semester Success,… Media Release: BRSD Kindergarten Professional Learning…