bobÌåÓý

I received an email that claims to be from PowerSchool. Is it legitimate? 

We understand PowerSchool has sent emails to students, parents/guardians, and educators whose information was involved in the incident. We understand from PowerSchool the email was or will be sent from one of the following similar email addresses: ps-sis-incident@mail.csid.com; ps-sis-incident@mail1.csid.com; or ps-sis-incident@mail2.csid.com. If you receive or have received an email from any one of these email addresses with the subject line “PowerSchool Cybersecurity Incident”, we have been assured by PowerSchool that it is a legitimate email. Whether or not you received the email from PowerSchool, you may also visit PowerSchool’s website to learn how to activate the identity protection and/or credit monitoring services. The PowerSchool website also includes information .

I have a question about how to sign up for the identity protection and/or credit monitoring services offered by PowerSchool. 

PowerSchool has advised that you can call 833-918-7884 if you have any questions. 

For those able to utilize credit monitoring services (anyone age 18 and over), you will be prompted to validate before activating by entering your name and date of birth. Anyone, including those under 18, can utilize the identity protection services. We encourage you to sign up for the services offered by PowerSchool. 

What happened? 

On January 7, 2025, PowerSchool informed bobÌåÓý that it had experienced a cybersecurity incident involving unauthorized access to and exfiltration (acquisition) of certain customer information between around December 19 and December 28, 2024. bobÌåÓý is a customer of PowerSchool, like many other educational institutions across North America. PowerSchool provides a Student Information System (SIS) used by bobÌåÓý and thus we were informed by PowerSchool that information stored by bobÌåÓý in our SIS was involved in the incident. 

We understand PowerSchool has sent emails to students, parents/guardians, and educators whose information was involved in the incident. We understand from PowerSchool the email was or will be sent from one of the following similar email addresses: ps-sis-incident@mail.csid.com; ps-sis-incident@mail1.csid.com; or ps-sis-incident@mail2.csid.com. Whether or not you receive an email, you may also visit PowerSchool’s website to learn how to activate the identity protection and/or credit monitoring services being offered. The PowerSchool website also includes information in French. For those able to utilize credit monitoring services (anyone age 18 and over), you will be prompted to validate before activating by entering your name and date of birth. Anyone, including those under 18, can utilize the identity protection services. PowerSchool has advised that you can call 833-918-7884 if you have any questions. 

We have been informed that PowerSchool has contained the incident and that there is no evidence of malware or continued unauthorized activity in the PowerSchool environment. There have been no operational impacts on bobÌåÓý as a result of this incident. 

Who did this and for what purpose? 

This incident occurred at PowerSchool. Unfortunately, organizations across the public and private sectors are increasingly being impacted by incidents like this.

How did you respond to the incident? 

When we learned of the incident, we conducted an investigation with the assistance of experts and worked diligently to request more details from PowerSchool. We have been assured by PowerSchool that the incident has been contained. We took steps to confirm there was no ongoing threat and to reduce the risk of a similar future threat, including by confirming that PowerSchool: engaged its cybersecurity response protocols, engaged a cybersecurity expert to conduct a forensic investigation, deactivated a compromised account, conducted a full password reset, initiated enhanced processes for access, further strengthened password policies and controls, and notified law enforcement. PowerSchool has also advised that it has taken steps to prevent the information involved from further unauthorized access or misuse, that it does not anticipate the information being shared or made public, and that it believes the information has been deleted without any further replication or dissemination. 

PowerSchool has notified Canadian privacy regulators about this incident. (bobÌåÓý has already informed the Manitoba Ombudsman.) PowerSchool has or will be notifying individuals by email and we understand the email was or will be sent from one of the following similar email addresses: ps-sis-incident@mail.csid.com; ps-sis-incident@mail1.csid.com; or ps-sis-incident@mail2.csid.com. Whether or not you receive an email, you may also visit PowerSchool’s website to learn how to activate the identity protection and/or credit monitoring services. The PowerSchool website also includes information in French. For those able to utilize credit monitoring services (anyone age 18 and over), you will be prompted to validate before activating by entering your name and date of birth. Anyone, including those under 18, can utilize the identity protection services. PowerSchool has advised that you can call 833-918-7884 if you have any questions.

Has the incident been resolved? 

We have been informed that PowerSchool has contained the incident and that there is no evidence of malware or continued unauthorized activity in the PowerSchool environment. There have been no operational impacts on bobÌåÓý as a result of this incident.

Has law enforcement been notified?

Yes, PowerSchool has advised us that it has notified law enforcement.

Has the Manitoba Ombudsman been advised?

Yes, the Manitoba Ombudsman has been advised.

Why did this happen to bobÌåÓý?

PowerSchool is a vendor used by many educational institutions in North America. We are a customer of PowerSchool and, as a result of the incident experienced by PowerSchool, we were impacted. We have no reason to believe that bobÌåÓý was a specific target in this incident.

Has information been accessed? Was information from bobÌåÓý exposed?

You will see that PowerSchool includes in the email a description of some of the information that was potentially involved in the incident. The information involved varies by person. 

For students, the information involved will generally be limited to information parents/guardians provided bobÌåÓý upon registration of their child as a student or any subsequent updates to that information. For many students, the information involved was name, date of birth, gender, address, doctor’s name and phone number, school ID number, and/or enrolment/registration records. For a small number of students, there was also relevant alerts (e.g., related to discipline, guardian, custody, or other issues). 

For staff, the information involved was name, school email address, and/or school ID number. 

The email from PowerSchool also refers to Social Insurance Number (SIN) as potentially involved but should also include a statement if there is no evidence that your SIN was involved – please review the email carefully. If your SIN was among the small number stored in our SIS, we previously emailed you about this on or around Jan. 29, 2025. If you did not receive this email from us, then your SIN was not stored in our SIS and is NOT involved in the incident – the email from PowerSchool should thus say there is no evidence your SIN was involved. Based on our own investigation of the information stored in our SIS, no parent/guardian, staff, or student banking or credit card information was stored in our SIS and thus such information was NOT involved in the incident PowerSchool has nevertheless offered identity protection and/or credit monitoring to all individuals with any information involved. We encourage you to sign up for the services offered by PowerSchool.