Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jeanmeslier

PowerSchool Data Breach

jeanmeslier
Practitioner
‎01-10-2025 04:28 AM
‎01-10-2025 04:28 AM

PowerSchool Data Breach

Can anyone give me more info about the data breach that just happened with PowerSchool?  Has there been any kind of official press release or written notice yet?

22 Replies
jamiem7
Lead Community Moderator
Lead Community Moderator
‎01-10-2025 03:05 PM
‎01-10-2025 03:05 PM

Thank you for reaching out. We recommend working with the Technical Contacts in your organization who have received communication regarding the data breach.
0 Kudos
DominiqueJ
Hobbyist
‎01-13-2025 09:36 AM
In response to jamiem7
‎01-13-2025 09:36 AM

I'm the Technical Contact and haven't received nearly enough information about the breach.

 

 How will Technical Contacts receive details on directly impacted families/staff? While we've received information on how to review logs (which is how we confirmed how many records were exported), we have yet to receive a copy of exported data to confirm exactly who was impacted. 

 

When will we get information on the monitoring services? Our Jan. 8th notification stated" PowerSchool will be providing credit monitoring to affected adults and identity protection services to affected minors in accordance with regulatory and contractual obligations"...but we haven't received any additional information here.

 

 

rbusby
Hobbyist
‎01-13-2025 09:51 AM
In response to DominiqueJ
‎01-13-2025 09:51 AM

I second @DominiqueJ 's request - specifically about the question about monitoring services.  We have had inquiries about credit monitoring services. We need to know what to tell parents (e.g. a URL they can check (e.g. online form) or an email address they can use to request monitoring support).

 

jeanmeslier
Practitioner
‎01-13-2025 11:27 AM
In response to jamiem7
‎01-13-2025 11:27 AM

I have today gotten in touch with my technical contact at my school district.  They told me and they have posted on their website that: They don't have any info to share, and that they are waiting on PowerSchool.  Furthermore, they say that PowerSchool *may* be in touch with me, if they need to tell me something, or if they want to offer me identity protection.

 

But see, here's the problem: One of my kids has graduated.  I want to know if his info is in the data breach, or if it is old enough to have been missed.  I need to know this, so that I can tell him about it.  The school and PowerSchool does NOT have his direct contact info, now that he's an adult and has moved away.

 

Here's the next problem: How do I know that Powerschool has my correct contact info?  I've moved in the last few years.  I have new email addresses and have gotten rid of some old ones.  How can I update Powerschool about that?

 

PowerSchool was just bought for $5.6B by an unfathomably wealthy private equity group.  Surely they can spend a few dollars, to put real people into action on this, so that us little people can have some answers, and also some back-and-forth communication.

0 Kudos
rbusby
Hobbyist
‎02-07-2025 06:12 AM
In response to jeanmeslier
‎02-07-2025 06:12 AM

I see the concern in your post about one of your children's potential data exposure. I will respond to you as I would one of our parents. While we have no way to know if your child (the one that graduated)'s data was involved, it would be a good idea to assume your child's data was in scope (if a recent graduate) and share the link to access the PS Offer of credit monitoring (click here).  At least then can have the information to exercise the option to activate credit monitoring services.   Best of luck to you and your child.

0 Kudos
jeanmeslier
Practitioner
‎01-20-2025 09:24 AM
In response to jamiem7
‎01-20-2025 09:24 AM

As of Jan 20, 2025, my school district still cannot tell me what info was involved in the breach.  They continue to tell me that they are as in the dark as I am.

 

How can we move forward?  What does my school or I have to do to determine what of my info was involved in this breach?  

jallensj
Practitioner
‎01-23-2025 02:17 PM
In response to jamiem7
‎01-23-2025 02:17 PM

Also curious to know when the CrowdStrike report will be made available to those who were breached?

MaryD2
Hobbyist
‎01-12-2025 09:03 AM
‎01-12-2025 09:03 AM

PowerSchool needs to do a better job of communicating with its customers about this breach.

jeanmeslier
Practitioner
‎01-13-2025 10:42 AM
In response to MaryD2
‎01-13-2025 10:42 AM

PowerSchool should do that.  I doubt they will do that.  I am concerned that they are either:

a) being told to STFU by their lawyers
or
b) ignoring us arrogantly, because they are now owned by private equity and don't feel the need to answer to us

0 Kudos
scottmecca
Hobbyist
‎01-13-2025 06:20 AM
‎01-13-2025 06:20 AM

@jamiem7 - I would ask that if you are a Powerschool employee or contractor that you not push these questions off on "others".  Please provide more information.  PS claims to be "transparent" regarding communication on this issue. Still, the fact that we have to go to a community forum, that is not public, in which it is tough to find information suggests otherwise.  We need help.  Please take our questions to management.  I still have not heard from my account managers!

 

 

 

rbusby
Hobbyist
‎01-13-2025 09:11 AM
‎01-13-2025 09:11 AM

Great post.  As of this morning we have parent inquiries to us asking about what credit/identity protection services are being offered (parents report that they are still concerned, even after assurances that no credit card/banking information was included in the breach, that the personal identifying information is significant and puts them at risk for identity theft.  In short: @PowerSchool: What URL can we send to parents to see your response to these concerns?    

chayeslnsd
Practitioner
‎01-13-2025 12:16 PM
‎01-13-2025 12:16 PM

Here is a really unhelpful link that was just shared with me: https://www.powerschool.com/security/sis-incident/

rbusby
Hobbyist
‎01-13-2025 12:36 PM
In response to chayeslnsd
‎01-13-2025 12:36 PM

Thank you @chayeslnsd - It's at least a landing page we can share!

 

jeanmeslier
Practitioner
‎01-13-2025 03:50 PM
In response to chayeslnsd
‎01-13-2025 03:50 PM

I just got that link, too, from my school district, who said "It's better than nothing!"

And it is.  It is a page that may later be updated when the lawyers let them release more info.  I suspect it is coming after CrowdStrike finishes their reports on 1/17/25.  So Imma keep hitting my refresh button on that thing.

thomasga
Journeyman
‎01-21-2025 05:19 PM
In response to jeanmeslier
‎01-21-2025 05:19 PM

Any word on that report? I can't seem to find any mention of it, though originally we were told "CrowdStrike is finishing their analysis in the coming days, and we expect to have a finalized forensic report by January 17th which we are happy to share."

Reshma
PowerSchool Team
PowerSchool Team
‎01-13-2025 01:58 PM
‎01-13-2025 01:58 PM

Thank you for sharing your feedback.

 

We have forwarded this directly to our leadership team, who is currently reviewing all questions. We appreciate your patience during this.



Reshma
PowerSchool Community Support Expert

Remember to give Kudos to suggestions that help you!
If another user helps solve your issue, please select Accept As Solution on their post so others can see the solution, too!
0 Kudos
jeanmeslier
Practitioner
‎01-13-2025 03:55 PM
In response to Reshma
‎01-13-2025 03:55 PM

Here's something else for you to forward up the chain of command:

I have a son who graduated from a PowerSchool-using district.  5 years have passed, and all of his contact info is new and unknown to PowerSchool.  For that matter, most of my contact info has also changed over the years.

 

We and probably others like us would like to know if our data was involved, even though we were gone from the school system at the time of the breach.  And we would like to know how PS would get in contact with us, or if you will devise a method for us to update our contact info with you.

 

Thank you for your consideration!

acarrasquillo
Hobbyist
‎01-14-2025 08:47 AM
‎01-14-2025 08:47 AM

How does a district go about contacting PowerSchool for credit monitoring for the affected users?

 

JohnnaD
Practitioner
‎01-14-2025 08:50 AM
‎01-14-2025 08:50 AM

With the Cybersecurity incident our IT guy is looking for ways to help tighten our security.  He is asking me why I continue to keep faculty/staff on Powerschool after they have left the district.......I have never deleted students/faculty/staff from PS only made them inactive or with students transferred them out of the system.  I have always been under the impression the teachers are tied to students through historical data.........Would we want to actually delete them from PS like they had never existed?  Does not make sense to me to delete them.  Any help and guidance would be appreciated.
If I need to post elsewhere, please let me know.
Thank You 
Johnna Dehlinger
USD 389
Eureka KS

 

JeffG9
PowerSchool Champion
PowerSchool Champion
‎01-14-2025 09:01 AM
In response to JohnnaD
‎01-14-2025 09:01 AM

Make the users Inactive, and clear out their Login/Credentials. Teachers will indeed be attached to many historical records. 

______________
Full Disclosure: I do not work for PowerSchool
Preview file
56 KB
Related Discussions & Articles