February 5, 2025 - Update regarding the recent cybersecurity incident involving PowerSchool, the software vendor that provides our Student Information System (SIS).
In late December, PowerSchool became aware that an unauthorized party gained access to certain PowerSchool SIS customer data using a compromised credential. PowerSchool engaged the services of CyberSteward and together have taken all appropriate steps to prevent the data involved from further unauthorized access or misuse. They do not anticipate the data being shared or made public, and believe it has been deleted without any further replication or dissemination. More information about the Data Breach can be found here:
As a PowerSchool SIS customer whose information was involved, we currently know that data potentially included in the breach included personally identifiable information (PII), such as names, addresses, student health and grade information along with medical information. No financial information was obtained or exfiltrated during the data breach.
PowerSchool has begun the process of notifying individuals whose information was determined to be involved. They have engaged Experian, a trusted credit reporting agency, to provide complimentary identity protection and credit monitoring services to current and former students and educators that had information exfiltrated from PowerSchool SIS. PowerSchool is doing this regardless of whether an individual’s Social Security Number was exfiltrated. In the coming weeks, Experian (on behalf of PowerSchool) will be distributing direct email notifications to involved individuals (or their parent/guardian, as applicable) for whom PowerSchool has sufficient contact information.
Additionally, PowerSchool has worked with Experian to set up a dedicated, toll-free call center to answer any questions associated with these offerings and the incident. All the information regarding the activation of and access to these services will be included in the email sent to you by Experian. Whether or not you receive an email, you may also visit PowerSchool’s website to learn how to activate the offering from Experian, linked here:
http://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach
/.
East Aurora UFSD will continue to monitor updates from PowerSchool and share relevant information with our community as we receive it. You can also find this information on the Data Breach Information page on our website. While PowerSchool is taking responsibility for this incident, we remain committed to protecting the privacy and security of our students, staff, and families.
If you have any questions or concerns, please don’t hesitate to reach out. We appreciate your understanding and support as we navigate this matter together.