Dear District 97 Staff and Families,
We are writing to inform you of a data security incident involving PowerSchool, the system we use to manage teacher and student information.
On Jan. 7, 2025, PowerSchool notified District 97 and many other districts that they recently experienced a global security breach that compromised a significant number of school districts. District 97 has confirmed that the breach impacted some of our student and staff data (outlined below).
PowerSchool has assured its customers that they are highly confident that the stolen information has been deleted and was not publicly released.
While this breach originated solely within PowerSchool’s systems, we take this matter very seriously and want to share what we know and how we are responding. Below, we’ve outlined what we know so far, what steps are being taken, and what you can do to help protect your information.
If you have any questions, please don’t hesitate to reach out to our team via Let’s Talk. Thank you for your understanding and cooperation as we work through this situation.
Sincerely,
Michael Arensdorff
Chief Technology Officer
What We Know
- What Happened: According to PowerSchool, a support account was accessed without authorization, which allowed attackers to infiltrate its server and extract sensitive data for a large number of school districts.
- When It Happened: The breach occurred on Dec. 22, 2024. PowerSchool became aware of the issue on December 28 and notified school districts via email on January 7, 2025. District 97 confirmed that its records were impacted on Jan. 8.
- Data Involved: As of Jan. 8, we have confirmed that data impacted by the breach included:
- Student and family contact information
- Student email addresses and passwords
- Date of birth
- Staff email addresses and contact information
- Status of the Breach: According to PowerSchool, the incident is contained, and there is no evidence of malware or continued unauthorized activity in its systems.
What PowerSchool Is Doing
PowerSchool has taken steps to address the security flaw by enhancing their security protocols. Additionally, the company has informed us that, through their negotiations with the individuals responsible, the data that was accessed has been deleted and was not shared with anyone else. They continue to investigate with their cybersecurity team, with the support of third-party experts.
What We’re Doing
- Investigating the Incident: Although this breach occurred within PowerSchool’s systems, we recognize our responsibility in choosing a reliable platform for our district. District 97 is working with PowerSchool and its internal team to better understand the full extent of what occurred and ensure that the necessary security measures are in place to prevent future incidents.
- Protecting Information: While PowerSchool has reported that the data has been deleted by the unauthorized party, we are remaining vigilant and reviewing/monitoring our own systems for added security.
- Monitoring for Updates: We are in regular communication with PowerSchool, and expect to have a full report on the incident by Jan. 17, 2025.
- Transparency: We will provide staff and families with updates when new information becomes available.
What You Should Do
While PowerSchool has no evidence that the data has been shared or used maliciously, we encourage you to take the following steps:
- Monitor Accounts: Be on the lookout for unusual activity, such as unexpected emails or login attempts.
- Stay Alert: Avoid clicking on suspicious links or sharing personal information with unknown sources.
- Stay Connected: We will provide additional updates via email once we receive more information from PowerSchool.