PowerSchool data breach affects families from Lakeland area

An international data breach has impacts on local Lakeland area students, including Northern Lights Public Schools and Lakeland Catholic School Division. 

Parents of students at Northern Lights Public Schools were notified on Jan. 9 that PowerSchool, an online system that tracks enrolment, grades, and other school and personal information for school authorities across North America, were part of the large-scale breach. 

The some 6,200 students at over two dozen schools in the Lakeland are part of the breach that took place at some point during the Christmas break, between Dec. 22-28. 

Similar information was shared at the end of last week by LCSD.

“We understand that this situation is deeply concerning, and we want to assure you that our division office team is working diligently with PowerSchool and the Office of the Information Privacy Commissioner to determine the extent of the breach and who is impacted so we can notify everyone as soon as possible,” said NLPS in the letter to parents.

On Jan. 8, NLPS says they were provided further details. The letter says the information was accessed was from the student and teacher tables in the PowerSchool SIS. They are working with PowerSchool to confirm the data specifics, and who may be impacted.

Some of the personal information that may have been viewed by the threat actor includes various school information like ID, grade, and graduation date, but also: 

  • Student’s mailing address
  • Birthday
  • Home phone number
  • Ethnicity
  • Guardian’s information

The data is no longer accessible to the threat actor, PowerSchool told NLPS.

But Northern Lights is not alone in this breach, as this affects families from Alabama to Nova Scotia, as PowerSchool operates worldwide.

Proactive steps that are being suggested by the school division includes:

  • Monitoring personal accounts for any unusual activity
  • Updating passwords, especially if shared with school-related accounts
  • Be aware and cautious of phishing or unsolicited emails that request personal information

LCSD

On Friday afternoon, Lakeland Catholic parents received similar information, that some of the data belonging to Lakeland Catholic families and educators was at risk. 

The following data may have been accessed:

  • Parent and student contact details, including names, addresses, and phone numbers.
  • For some individuals, personally identifiable information (PII), such as medical information, student ID numbers, and other sensitive details, may also have been involved.

“We are working closely with PowerSchool to confirm the full extent of the breach and to determine which individuals may be affected,” LCSD said in the letter. 

“We understand this situation may raise concerns and want to reassure you that we are fully committed to supporting you throughout this process. Please know we take this matter seriously and will share further updates as soon as they become available. If you have any questions or need assistance, feel free to contact your school’s principal or our FOIP Coordinator, Tessa Hetu, at thetu@lrcssd.ca.”

St. Paul Education confirmed that after correspondence with PowerSchool, no data belonging to students, staff, or parents was impacted by this incident.