PowerSchool Cyber Security Incident

 

Incident Update - 5/7/2025

PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident. We do not believe this is a new incident, as samples of data match the data previously stolen in December. We have reported this matter to law enforcement both in the United States and in Canada and are working closely with our customers to support them. We sincerely regret these developments – it pains us that our customers are being threatened and re-victimized by bad actors.

Any organization facing a ransomware or data extortion attack has a very difficult and considered decision to make during a cyber incident of this nature. In the days following our discovery of the December 2024 incident, we made the decision to pay a ransom because we believed it to be in the best interest of our customers and the students and communities we serve. It was a difficult decision, and one which our leadership team did not make lightly. But we thought it was the best option for preventing the data from being made public, and we felt it was our duty to take that action. As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us.

In order to best mitigate this risk, we have also offered and made widely available credit monitoring and identity protection services for a period of two years to students and faculty of our PowerSchool SIS customers, regardless of whether they were individually involved.

We encourage all those who were offered these services to take advantage of them:

• For individuals who reside in the U.S., you can find more information on identity protection services and credit monitoring here: https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/
• For individuals who reside in the Canada, you can find more information on identity protection services and credit monitoring here: https://www.powerschool.com/security/sis-incident/notice-of-canada-data-breach/  

We sincerely regret the occurrence of the 2024 incident. We will continue supporting our valued customers and law enforcement as we work through this together.

 

Incident Update - 3/4/2025

Experian, on behalf of PowerSchool, has began the process of providing affected PowerSchool end users with identity protection services. On Saturday, March 1st, 2025 an email was sent by Experian in regards to PowerSchool's Cybersecurity incident in December. The email came from "Ps-sis-incident@mail1.csid.com." We have confirmed with PowerSchool that the email is in fact from Experian on behalf of PowerSchool and is safe to open.

Some users have reported that this email went to their "Spam Folders." If you feel that you should have received an email and did not, please navigate to the Spam folder in your respective email account and look for an email sent on March 1st, 2025 from PowerSchool with the subject line of "PowerSchool Cybersecurity Incident."

Other confirmed e-mail addresses in use by Experian on behalf of PowerSchool are: 

Ps-sis-incident@mail.csid.com

Ps-sis-incident@mail2.csid.com

We encourage you to visit https://www.powerschool.com/security/sis-incident/ for the most up-to-date information on the cybersecurity incident.

 

 

Incident Update - 2/3/2025

In late December PowerSchool experienced a cybersecurity incident involving unauthorized access to certain information in their PowerSchool Student Information System (SIS) product. The incident was reported to the Ferndale Area School District in early January. Since the unauthorized access happened on PowerSchool's platform and was not within the control of the District, PowerSchool will be handling correspondence and next steps to all impacted users. As we receive updates from PowerSchool on their progress, we'll post them here. The most recent update directly from PowerSchool included the information listed below: 

• Notification to Individuals Involved: Starting in the next few weeks, in collaboration with Experian, PowerSchool will provide notice to students (or their parents / guardians if the student is under 18) and educators whose information was involved, as well as a phone number to answer any questions you may have about the incident. The notice will include the identity protection and credit monitoring services offered (as applicable).

• Identity Protection and Credit Monitoring Services: PowerSchool has engaged Experian, a trusted credit reporting agency, to offer two years of complimentary identity protection and credit monitoring services for all students and educators whose information from our PowerSchool SIS was involved. 

We encourage you to visit https://www.powerschool.com/security/sis-incident/ for the most up-to-date information on the cybersecurity incident. 

 

PowerSchool Cyber Security Incident - 1/10/2025