PowerSchool Data Breach

UPDATED Information posted by PowerSchool

January 16, 2025

Dear Marcola & TEACH-NW Colleagues, 

We are writing to share information about a data breach that has affected our school district and many others around the state, nation, and globe. We have been notified by PowerSchool, the company that provides the student information system used by our District, of a cybersecurity incident affecting their systems. PowerSchool has informed us that this incident involved unauthorized access to their data systems globally between 12/19 and 12/28. We want to share our current understanding of this incident and how it has affected Marcola School District and TEACH-NW students and staff. This situation concerns us all, and we are actively working to get more information.

Summary of Events: 

On January 8, PowerSchool informed us that a threat actor compromised their company-level security. The actor used a PowerSchool remote support tool to access data from many districts across multiple countries. We have confirmed locally that this included Marcola School District and TEACH-NW. Our internal review of the system aligns with the timelines for unauthorized access provided by PowerSchool.

PowerSchool has assured its customers that the incident was contained before any stolen data was disseminated. Their response team has stated that there is no evidence of continued unauthorized activity and that they have taken a number of security steps to protect their clients. 

Since being informed of the breach, MSD and TEACH-NW have collaborated with PowerSchool, legal counsel, and the Oregon Department of Education (ODE) to obtain guidance and assurances concerning this incident. 

It should be noted that this was a breach through one of PowerSchool’s community-focused customer portals, PowerSource. The firewalls and security at Marcola SD and TEACH-NW remain fully functional and unaffected.

PowerSchool has expressed that:

  • They do not anticipate the data being shared or made public. PowerSchool contracted multiple vendors with experience in these situations to help contain and respond to the threat. The response team believes the data accessed has been irrevocably destroyed without replication or dissemination. PowerSchool said it did not experience a ransomware attack but that the company was extorted into paying a financial sum to prevent the hackers from leaking the stolen data.

  • They are working with a cybersecurity technology company to monitor the public domain to ensure the data was not and will not be reshared.

  • As part of their ongoing efforts to enhance PowerSchool’s resilience, they have further strengthened PowerSource password policies and controls. 

  • They are working with federal agencies to identify the actor(s) involved.

  • They are not experiencing, nor expect to experience, any operational disruption and continue to provide services as usual to our customers. 

What Marcola School District and TEACH-NW data was affected? 

  • This incident resulted in the downloading of staff demographic data in the PowerSchool information system (including names, addresses, phone numbers, email addresses, student ID numbers and birthdates, and staff ID numbers). 

  • The data did NOT include any passwords, credit card information, legal documents used during student registration, photos, or other educational information about students or staff. Student health records were NOT included, although if a health alert (such as a food allergy) was included in a student’s demographic data, was included in a student’s demographic data (such as a food allergy) that may have been included. 

  • The last four digits of Social Security numbers and dates of birth of certificated staff members stored in the system's accessed part were compromised. 

  • Again, PowerSchool has indicated that they believe all the downloaded data has been destroyed at this time.

What are the next steps? 

Based on the information provided to us as of today, 1/13/2025, we ask that you note the following:

  • Additional information will be available in the coming days and/or weeks as PowerSchool completes they complete a full investigation.

  • PowerSchool will provide credit monitoring to affected adults and identity protection services to affected minors per regulatory and contractual obligations, with more details to come.

  • Because no passwords were accessed for student, staff, or parent portal accounts, and because of the process we use to log in to PowerSchool, there is no need for password changes in the district at this time.

What steps should you take at this time? 

While PowerSchool continues to investigate, we recommend the following precautionary measures: 

  • Be cautious of phishing: Be vigilant about unexpected emails or calls requesting personal or school information.

  • For additional information and guidance, we encourage you to reference PowerSchool’s Official News Release and FAQ, which can be found HERE.

We are working hard to do everything possible to prevent cybersecurity issues with the systems under our control, and we are deeply concerned that this breach in the PowerSchool global system compromised some of our data. We will update you when PowerSchool provides further guidance or when we receive additional information. You may also receive updates directly from PowerSchool.

Sincerely,

Marcola SD and the TEACH-NW Team