FOLSOM, Calif.–(BUSINESS WIRE)–In compliance with State laws, the purpose of this notice is to share some important information regarding a recent cybersecurity incident involving personal information belonging to current or former students and teachers (“individuals”) of schools that use or used software called PowerSchool Student Information System (SIS).
What Happened? On December 28, 2024, PowerSchool became aware of a cybersecurity incident involving unauthorized exfiltration of certain personal information from PowerSchool Student Information System (SIS) environments through one of our customer support portals, PowerSource. This incident has since been contained and PowerSchool continues to operate as normal. PowerSchool previously notified its impacted customers and has been in direct communication with them regarding the incident and notification process.
What Information Was Involved? Due to differences in customer requirements, the information exfiltrated for any given individual varied across our customer base. For involved individuals, the types of information exfiltrated in the incident included one or more of the following, which varied by person: the individual’s name, contact information, date of birth, limited medical alert information, Social Security Number, and other related information. The majority of individuals did not have their medical alert information or Social Security Number involved.
What Are We Doing? PowerSchool is offering two years of complimentary identity protection services to students and educators whose information was involved. We are doing this regardless of whether an individual’s Social Security Number was exfiltrated. For adult students and educators, this offer will also include two years of complimentary credit monitoring services.
If your personal information was involved in this incident and you are interested in enrolling in credit monitoring or identity protection, please visit the PowerSchool website for more information: http://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/.
As soon as PowerSchool learned of the incident, we engaged cybersecurity response protocols and mobilized senior leadership and third-party cybersecurity experts to conduct a forensic investigation of the scope of the incident and to monitor for signs of information misuse. We are not aware at this time of any identity theft attributable to this incident.
What Can You Do? You are encouraged to remain vigilant against incidents of identity theft and fraud by reviewing account statements for suspicious activity. PowerSchool will never contact organizations or individuals by phone or email to request your personal or account information.
Contacts
for media inquiries
[email protected]
