PowerSchool Data Breach Information
Posted onPowerSchool informed RVS on Jan. 7 of a data breach incident. Current information we have from PowerSchool and from our Technology department's investigation is available here.
Frequently Asked Questions
Q: What data was accessed?
A: In addition to what PowerSchool had informed us was potentially included in the data breach, RVS’ Technology team’s investigation confirmed the following data was included in the PowerSchool breach. The data accessed primarily includes current and former parent, student and staff contact information. Not all students or staff had all of these fields entered. The data elements for students included information such as student ID number and encrypted password, first and last name, date of birth, gender, and home address information. Some parent/guardian and emergency contact names and phone numbers were included as well as doctor name and phone number. Additional data provided by parents to support student learning may have been accessed. This could include medical, custody and court order arrangements, coding and programming information. Staff information that was accessed included their first and last name, position title, contact information, school code, home addresses, RVS email address, RVS login ID and at least three-year-old encrypted passwords which are no longer used to access PowerSchool. No financial information, Social Insurance Numbers or photos were accessed. We continue to await specifics from PowerSchool.
Q: Were photos accessed?
A: No. We can confirm the data accessed was text only and no attachments such as photographs.
Q: Were personal documents compromised?
A: No. Personal documents such as birth certificates and drivers’ licences are uploaded into the SchoolEngage system and not PowerSchool. These documents or attachments were not accessed.
Q: Do I need to change my password/email?
A: Regularly changing passwords is recommended as a best practice to help protect your information.
Q: When will RVS provide us with more information?
A: We have limited information from PowerSchool and we have shared what we know today. The most recent information we have as of Jan. 9 is on our website. We will update our website when we have more information.
Q: Can I opt out of having my/my child’s information in PowerSchool?
A: No. School divisions in Alberta are required to maintain a student information system such as PowerSchool. PowerSchool is the student information system used by school divisions across North America and internationally.
Q: Is PowerSchool safe to use?
A: Yes. PowerSchool has indicated the incident has been contained and they have increased security within their systems to prevent further incidents. The system remains fully functional and is safe to use. RVS has also taken precautionary measures.
Q: How did the breach happen?
A: PowerSchool has stated an unauthorized party gained access to certain PowerSchool student information system demographic data using one of their corporate support accounts which became compromised. PowerSchool has a third-party cyber security response team investigating the incident. They believe it is contained but some of RVS’ student and staff data may have been obtained during the breach. PowerSchool has stated they do not anticipate the data involved being shared or made public, and they believe it has been deleted without any further replication or dissemination.
Q: Will credit monitoring be offered?
A: We are waiting for more information and resources (including credit monitoring or identity protection services if applicable) from PowerSchool and will provide an update as it becomes available.
_________________________________________________
Posted: Jan. 9, 2025
PowerSchool, Rocky View Schools’ (RVS) student information system, informed RVS they had a data breach incident impacting many school divisions across North America including RVS. PowerSchool is a third-party which provides a cloud-based student information system used by most school divisions in Canada, the United States and internationally.
PowerSchool informed RVS Tuesday afternoon (Jan. 7, 2025) of a breach that took place on Dec. 28, 2024. RVS takes the security and privacy of personal information very seriously. Since we were notified, we have been working to gather additional information from PowerSchool on their investigation and our Technology team has been conducting our own investigation. While the scope of the incident is still being determined, we can reassure families and staff that no financial information was stored in PowerSchool. On Jan. 9, 2025, we notified all impacted individuals using available contact information of this incident and applicable privacy regulators.
PowerSchool has stated an unauthorized party gained access to certain PowerSchool student information system demographic data using one of their corporate support credentials which became compromised. PowerSchool has a third-party cyber security response team investigating the incident. They believe it is contained but some of RVS’ student and staff data may have been obtained during the breach. PowerSchool has stated they do not anticipate the data involved being shared or made public, and they believe it has been deleted without any further replication or dissemination. The company has indicated the incident has been contained and they have increased security within their systems to prevent further incidents.
We do not have any further information from PowerSchool and do not know the extent to which our division was compromised. We understand the concern this will cause for many of our families and staff, and we assure all those impacted by this situation RVS is taking this very seriously. PowerSchool has committed to sharing more detailed information with us when they have it. We will communicate what we know to families and staff as quickly as possible when we know more. The system remains fully functional and is safe to use.
We are sharing the letter sent to us from PowerSchool notifying us of the breach.