View School Directory

      PowerSchool Cybersecurity Incident

      Posted

      On Tuesday, January 7, 2025, PowerSchool informed our leadership team of a cybersecurity incident involving unauthorized access to certain PowerSchool SIS customer data. This data breach affected organizations globally, including STAR Catholic.

      PowerSchool has issued a public statement along with community-facing FAQs, which you can access [here]. They will also continue to update their General FAQs in the PowerSchool Community as more information becomes available.

      PowerSchool has assured us that the unauthorized party deleted the accessed data and that it was not shared or replicated. Additionally, they have implemented enhanced security measures to help prevent future incidents.

      Protecting our students is a top priority for us. With PowerSchool’s support, we will provide more information and resources as they become available.

      We have compiled an FAQ section below to offer further details. This resource includes information about what happened, the actions being taken, and what this may mean for our community.

       

      Update from PowerSchool (January 22nd, 2025)

      Please see below next steps that we recently received directly from PowerSchool:

      Identity Protection and Credit Monitoring Services: PowerSchool has engaged TransUnion and Experian, trusted credit reporting agencies, to offer two years of complimentary identity protection services for all students and educators whose information from our PowerSchool SIS was involved. This offer will also include two years of complimentary credit monitoring services for all students and educators whose information was involved and who have reached the age of majority. The offered credit monitoring services, which will be available for those who have reached the age of majority, will be provided by TransUnion; the offered identity protection services, which will be available for all involved students and educators, will be provided by Experian. Credit monitoring is being provided by TransUnion because Experian does not offer credit monitoring in Canada.

      Notification to Individuals Involved: Starting in the next few weeks, in collaboration with TransUnion and Experian, PowerSchool will provide notice to students, parents / guardians and educators (as applicable) whose information was involved, as well as a phone number to answer any questions you may have about the incident. The notice will include the identity protection and credit monitoring services offer (as applicable).

      As soon as PowerSchool learned of the incident, they engaged cybersecurity response protocols and mobilized senior leadership and third-party cybersecurity experts to conduct a forensic investigation of the scope of the incident and to monitor for signs of information misuse. PowerSchool is not aware of any identity theft attributable to this incident.

       

      Frequently Asked Questions (FAQ)

      What happened?
      According to PowerSchool, the breach occurred when an unauthorized party used a compromised credential to gain access to data, affecting multiple school divisions worldwide, including Edmonton Catholic Schools. PowerSchool has assured us that the vulnerability has been identified and resolved, and enhanced security measures have been implemented to prevent similar incidents in the future.

      Who was impacted by this breach?
      PowerSchool informed us that the affected data primarily includes parent and student contact information, such as names and addresses. For some individuals, personally identifiable information (PII), such as first and last names, email addresses, and medical information, may have been impacted.

      What staff data was compromised?
      PowerSchool indicated that the compromised data includes teacher contact information, such as names and addresses. For some individuals, additional personally identifiable information may have been accessed. At STAR Catholic, we store teacher names, STAR Catholic email addresses, STAR Catholic employee IDs, and gender in PowerSchool SIS. We do not store sensitive personal information (e.g., personal email addresses, home addresses, social insurance numbers) in PowerSchool.

      When can schools, educators, and families expect further updates from PowerSchool?
      PowerSchool is working to complete their investigation of the incident and is coordinating with STAR Catholic and other schools to provide further information and resources as they become available.

      Were personal documents uploaded during registration affected by the breach?
      No, personal documents such as birth certificates or baptism certificates uploaded during the registration process are stored on a separate platform and were not affected by the PowerSchool breach.

      What actions are being taken to prevent future incidents?
      PowerSchool is committed to protecting the security and integrity of its applications. They regularly review and enhance their security policies and practices and continue to prioritize significant investments in cybersecurity defenses.

      Was any financial data compromised?
      No, financial information was not accessed, as it is not stored in PowerSchool.

      Can I continue to use my PowerSchool account?
      Yes, you can continue to use your PowerSchool account as usual. The PowerSchool cybersecurity incident has not disrupted daily school operations or classroom instruction. PowerSchool has assured us that the incident has been contained and that additional security measures have been implemented to prevent future breaches.

      For further information, please visit PowerSchool Cybersecurity Incident - Customer FAQs - Canada Only and PowerSchool's [FAQ page].

      For additional questions or clarifications, please email: communications@starcatholic.ab.ca

      <Prev Next>