January 13th Update
We received the following email from PowerSchool, which includes a public statement and FAQs.
"We now have a public statement and community-facing FAQs available on our website. We will continue to update our General FAQs available in PowerSchool Community to help you understand the impact."
January 9th Update
Dear GSACRD Staff and Families:
On Tuesday, January 7, 2025, PowerSchool informed our school division that they experienced unauthorized access to certain PowerSchool SIS customer data. Unfortunately, they have confirmed that this incident includes information belonging to some of Greater St. Albert Catholic Schools’ families and educators.
What We Know So Far
-
PowerSchool has informed us that the affected data primarily includes contact information, such as names and addresses.
-
The security issue has been contained, and PowerSchool systems are now operating securely.
-
PowerSchool has assured us and our own incident response team (Learning Technology Services) that NO financial information related to individuals was involved in this breach.
What Student Information Was Compromised?
The breach was isolated to one section within PowerSchool containing demographic information listed below:
-
First name
-
Last name
-
Date of birth
-
Student phone numbers
-
Home/mailing address
-
Alberta Student Numbers (ASN)
-
Basic student medical alert information (for example, asthma, allergies, diabetes).
What Student Information Was Not Compromised?
The following data was NOT part of the breach:
-
Financial data (e.g., credit card or banking information)
-
Student profile photos
-
Computer user passwords
-
Social Insurance Numbers (we do not collect SINs for students)
-
Birth certificates
What Steps Have Been Taken to Confirm the Data Has Been Deleted?
As soon as PowerSchool learned of the incident, they enlisted the assistance of a third-party professional cybersecurity advisor and negotiator. With their guidance, PowerSchool has received reasonable assurances from the threat actor that the compromised data has been deleted and that no additional copies exist.
Given the sensitive nature of their investigation, PowerSchool cannot provide us with any more specific information at this time.
Although this breach occurred at the PowerSchool level, Greater St. Albert Catholic Schools continues to monitor for any potential exposure of private data through various channels and resources.
Enhanced Security Measures
In response to this incident and as an additional precaution, we will be implementing a mandatory password reset for all GSACRD students to enhance the security of their information. Further details will be shared as this process begins.
Best Practices to Protect Against Identity Theft
We encourage families and staff to take the following steps to safeguard their personal information:
-
Review email and social media accounts for unusual activity.
-
Regularly update passwords for all accounts, especially if the same password has been used elsewhere.
-
Use strong, unique passwords for each account, and consider a password manager for added security.
-
Enable two-factor authentication wherever possible for an extra layer of security.
-
Watch for phishing attempts. Be cautious of suspicious emails, calls, or messages pretending to be from legitimate organizations. Do not click on unfamiliar links or share personal information.
We thank you for your patience and understanding as we navigate this situation and take proactive steps to safeguard our systems and data. Please contact your school's administration if you have any questions or concerns.
Sincerely,
Greater St. Albert Catholic Schools
January 7th Update
Greater St. Albert Catholic Schools has been informed of a cybersecurity incident involving PowerSchool, the system we use to manage student information. We are working closely with PowerSchool to understand the scope of the incident and any potential impact on our families and staff. Updates will be shared as new information becomes available.
PowerSchool has assured us that the incident has been contained and that they have implemented stronger security measures to prevent future breaches. PowerSchool’s operations remain fully functional, and services continue without interruption.
We want to assure our community that no financial information was accessed or stored in PowerSchool.
For full transparency, we are sharing the letter provided by PowerSchool outlining the situation.
Thank you for your understanding as we address this matter.