January 23rd Update
The Greater St. Albert Catholic Schools Learning Technology Services team will reset all student passwords internally as a precautionary measure.
Password resets for students will proceed as follows:
- Grades 5-8: Password updates will be completed on January 24th.
- Grades 9-12: Updates will be finalized by the end of January, as we are waiting for exams to conclude to avoid disruptions.
- Grades 1-4: Password resets for these grades require teacher involvement to assist with login and password typing. We are working on a secure and practical process for this, which will be implemented later in February.
We appreciate your understanding and patience as we take these steps to safeguard all accounts. If you have any questions or concerns, please don’t hesitate to reach out.
We have received the following update from PowerSchool regarding the next steps. We strongly encourage all division families, past and present, to take advantage of the credit monitoring services being offered if you are notified that your information was accessed.
"Over the last few weeks, we have been focused on assessing the scope of data involved, making further enhancements to our cybersecurity defenses, and developing a plan to help you and our shared community.
As a PowerSchool SIS customer in Canada whose information was involved, I am writing to provide you with updates on several important next steps:
Identity Protection and Credit Monitoring Services: PowerSchool has engaged TransUnion and Experian, trusted credit reporting agencies, to offer complimentary identity protection and credit monitoring services to all students and educators whose information from your PowerSchool SIS was involved. The offered credit monitoring services in Canada, which will be available for those who have reached the age of majority, will be provided by TransUnion; the offered identity protection services, which will be available for all involved students and educators, will be provided by Experian for both the United States and Canada. This offer is being provided regardless of whether an individual’s Social Insurance Number was exfiltrated.
- Identity Protection: PowerSchool will be offering two years of complimentary identity protection services, which will be provided by Experian, for all students and educators whose information was involved.
- Credit Monitoring: PowerSchool will also be offering two years of complimentary credit monitoring services, which will be provided by TransUnion, for all students and educators who have reached the age of majority whose information was involved. This service is being provided by TransUnion because Experian does not offer credit monitoring in Canada.
Notifications: Starting in the next few weeks, PowerSchool will be handling notifications to involved individuals and the necessary privacy regulators on your behalf. We hope to relieve the burden of these notifications on you and your institution.
- Community: PowerSchool will coordinate with TransUnion and Experian, to provide notice on your behalf to students, parents / guardians and educators, as applicable, whose information was involved, as well as a call center to answer questions from the community. The notice will include the identity protection and credit monitoring services offer (as applicable).
We are committed to learning from this incident, becoming stronger and more resilient as a company for having experienced it – and most importantly – we are committed to serving you and our shared community.
Sincerely,
Hardeep Gulati
Chief Executive Officer, PowerSchool"
January 13th Update
We received the following email from PowerSchool, which includes a public statement and FAQs.
"We now have a public statement and community-facing FAQs available on our website. We will continue to update our General FAQs available in PowerSchool Community to help you understand the impact."
January 9th Update
Dear GSACRD Staff and Families:
On Tuesday, January 7, 2025, PowerSchool informed our school division that they experienced unauthorized access to certain PowerSchool SIS customer data. Unfortunately, they have confirmed that this incident includes information belonging to some of Greater St. Albert Catholic Schools’ families and educators.
What We Know So Far
-
PowerSchool has informed us that the affected data primarily includes contact information, such as names and addresses.
-
The security issue has been contained, and PowerSchool systems are now operating securely.
-
PowerSchool has assured us and our own incident response team (Learning Technology Services) that NO financial information related to individuals was involved in this breach.
What Student Information Was Compromised?
The breach was isolated to one section within PowerSchool containing demographic information listed below:
-
First name
-
Last name
-
Date of birth
-
Student phone numbers
-
Home/mailing address
-
Alberta Student Numbers (ASN)
-
Basic student medical alert information (for example, asthma, allergies, diabetes).
What Student Information Was Not Compromised?
The following data was NOT part of the breach:
-
Financial data (e.g., credit card or banking information)
-
Student profile photos
-
Computer user passwords
-
Social Insurance Numbers (we do not collect SINs for students)
-
Birth certificates
What Steps Have Been Taken to Confirm the Data Has Been Deleted?
As soon as PowerSchool learned of the incident, they enlisted the assistance of a third-party professional cybersecurity advisor and negotiator. With their guidance, PowerSchool has received reasonable assurances from the threat actor that the compromised data has been deleted and that no additional copies exist.
Given the sensitive nature of their investigation, PowerSchool cannot provide us with any more specific information at this time.
Although this breach occurred at the PowerSchool level, Greater St. Albert Catholic Schools continues to monitor for any potential exposure of private data through various channels and resources.
Enhanced Security Measures
In response to this incident and as an additional precaution, we will be implementing a mandatory password reset for all GSACRD students to enhance the security of their information. Further details will be shared as this process begins.
Best Practices to Protect Against Identity Theft
We encourage families and staff to take the following steps to safeguard their personal information:
-
Review email and social media accounts for unusual activity.
-
Regularly update passwords for all accounts, especially if the same password has been used elsewhere.
-
Use strong, unique passwords for each account, and consider a password manager for added security.
-
Enable two-factor authentication wherever possible for an extra layer of security.
-
Watch for phishing attempts. Be cautious of suspicious emails, calls, or messages pretending to be from legitimate organizations. Do not click on unfamiliar links or share personal information.
We thank you for your patience and understanding as we navigate this situation and take proactive steps to safeguard our systems and data. Please contact your school's administration if you have any questions or concerns.
Sincerely,
Greater St. Albert Catholic Schools
January 7th Update
Greater St. Albert Catholic Schools has been informed of a cybersecurity incident involving PowerSchool, the system we use to manage student information. We are working closely with PowerSchool to understand the scope of the incident and any potential impact on our families and staff. Updates will be shared as new information becomes available.
PowerSchool has assured us that the incident has been contained and that they have implemented stronger security measures to prevent future breaches. PowerSchool’s operations remain fully functional, and services continue without interruption.
We want to assure our community that no financial information was accessed or stored in PowerSchool.
For full transparency, we are sharing the letter provided by PowerSchool outlining the situation.
Thank you for your understanding as we address this matter.