(Posted on January 29th, 2025)
MESSAGE FROM POWERSCHOOL:
In the coming weeks, PowerSchool will be handling notifications for individuals involved in the cybersecurity incident. We recommend that you stay vigilant and continue to monitor any accounts for any unusual activity. PowerSchool is offering the following services for added protection:
- Identity Protection: PowerSchool will offer two years of complimentary identity protection services provided by Experian for all students and educators whose information was involved.
- Credit Monitoring: PowerSchool will also offer two years of complimentary credit monitoring services, provided by TransUnion, for all students and educators who have reached the age of majority whose information was involved.
- Community: PowerSchool will coordinate with TransUnion and Experian to provide notice to students, parents/guardians, and educators, as applicable, whose information was involved. A call center will also answer questions from the community. The notice will include the identity protection and credit monitoring services offered (as applicable).
(updated on January 13th, 2025)
Important Notice Regarding the PowerSchool Cybersecurity Incident
An International cybersecurity incident has taken place involving PowerSchool, the software vendor that provides our Student Information System (SIS).
PowerSchool has notified our leadership team that they experienced a cybersecurity breach, which resulted in unauthorized access to certain customer data within the PowerSchool SIS. It is unconfirmed if data may include information belonging to some of our HFCRD families.
Personally identifiable information (PII) may have been impacted but the extent is unknown.
PowerSchool has informed us that they are working with urgency to complete their investigation and determine whether any PII specific to our students was compromised.
Protecting the safety and privacy of our students is of utmost importance to us. In partnership with PowerSchool, we will provide more information and resources as they become available, including details on credit monitoring or identity protection services if applicable.
Thank you for your understanding and patience as we work through this matter.
Frequently Asked Questions
How Did This Happen?
This incident was part of a wider breach affecting several school divisions across North America, not just Holy Family Catholic Regional Division. Our division was not specifically targeted, but rather, the breach impacted the broader PowerSchool system, which includes multiple educational organizations.
What is the Timeline of Events?
December 22, 2024: Data exported from PowerSchool.
December 28, 2024: PowerSchool confirmed the breach.
January 7, 2025: Holy Family Catholic Regional Division was notified of the breach.
What Information Was Compromised?
The breach was confined to an isolated section within PowerSchool that stores demographic data. To our knowledge at the present time, this includes the following information:
(Note: The exact information compromised may vary by division. It is unconfirmed if data may include information belonging to some of our HFCRD families.)
Students:
First and last names
Dates of birth
Student phone numbers
Home/mailing addresses
Staff:
First and last names
Holy Family Catholic Regional Division email addresses
Phone numbers
What Information Was Not Compromised?
Based on direct communications from PowerSchool, we have been informed that certain sensitive information was not part of the breach, including:
Financial details (e.g., credit card or banking information)
Student profile photos
Computer user passwords
Social Insurance Numbers (we do not collect SINs for students)
Birth certificates
Staff Human Resources Information
What Steps Have Been Taken?
EXTERNAL
Upon discovering the breach, PowerSchool immediately engaged cybersecurity experts to assess and contain the situation. They assured that the compromised data had been isolated and did not anticipate circulation or replication. PowerSchool has implemented additional security measures to prevent similar incidents in the future and is actively monitoring for suspicious activity surrounding the breached data.
INTERNAL
We at HFCRD take Cyber Security risks and threats very seriously. We actively engage a third party for Server monitoring services to help mitigate the risk of internal data breaches. We are actively communicating with PowerSchool and other groups on the current situation.
Is there a Risk of Identity Theft?
While PowerSchool does not anticipate that the compromised data will be made public, we understand concerns about identity theft. Based on their communications, PowerSchool believes the breach has been contained, and no evidence suggests that further unauthorized activity is occurring. However, we continue to monitor potential risks through various security channels.
What Can Families Do to Protect Themselves?
While we continue to monitor the situation, there are steps families can take to protect themselves:
Watch for unusual activity on email and social media accounts.
Change passwords regularly and use unique passwords for different accounts.
Enable 2-factor authentication where possible for an extra layer of security.
Be cautious of phishing: Don’t click on suspicious links or share personal information through email or phone calls.
What’s Next?
It is unconfirmed if data may include information belonging to some of our HFCRD families, and we continue to have open communication channels with PowerSchool to determine whether our information was part of the breach.
As new information becomes available, we will share it with our community.
Thank you for your understanding as we navigate this situation. Your trust in us is essential, and we are doing everything we can to protect the privacy and security of our students and staff.
For any concerns or additional questions, please don’t hesitate to contact our Information Services team through hfcrd@hfcrd.ab.ca