PowerSchool Cybersecurity Incident

Jim Rieflin

January 28, 2025

This page exists to provide you a centralized location to find updates, information, and announcements about the nationwide PowerSchool Data Breach.

Permanent Items

  1. PowerSchool has provided a link to their authoritative and updated information about the PowerSchool Cybersecurity Incident Data Breach. https://www.powerschool.com/security/sis-incident

  2. It is not the practice of Gloucester County Public Schools to collect nor store the Social Security numbers of students or employees.

  3. No GCPS system or network was compromised in this attack. The Cybersecurity incident occurred entirely and only in the PowerSchool Student Information System (SIS) which is hosted by PowerSchool.

  4. PowerSchool, will contacting students, parents, and/or employees who were impacted by the Cybersecurity incident directly beginning, or shortly after, January 28, 2025.

January 24, 2025 Update sent by SchoolMessenger to Parents and Employees

National PowerSchool Incident – Update 1/24/2025

Dear GCPS families and employees:

On January 9th Gloucester County Public School (GCPS) sent GCPS families and employees a notice of the Nationwide cybersecurity breach that affected PowerSchool, the company that provides GCPS with its Student Information System (SIS).

We are writing today to provide up to date information shared from PowerSchool to GCPS  including the official PowerSchool website which provides authoritative and timely updates about the PowerSchool SIS breach and important action steps that PowerSchool is taking.

We encourage you to visit the official PowerSchool incident web page which is dedicated to providing the most up to date and accurate information about their data breach and their response to the data breach at: https://www.powerschool.com/security/sis-incident .

That website includes information that we recently received directly from PowerSchool:

·         Notification to Individuals Involved: Starting in the next few weeks, in collaboration with Experian, PowerSchool will provide notice to students (or their parents / guardians if the student is under 18) and educators whose information was involved, as well as a phone number to answer any questions you may have about the incident. The notice will include the identity protection and credit monitoring services offer (as applicable).

·         Identity Protection and Credit Monitoring Services: PowerSchool has engaged Experian, a trusted credit reporting agency, to offer two years of complimentary identity protection services for all students and educators whose information from our PowerSchool SIS was involved. This offer will also include two years of complimentary credit monitoring services for all adult students and educators whose information was involved.

·         As soon as PowerSchool learned of the incident, they engaged cybersecurity response protocols and mobilized senior leadership and third-party cybersecurity experts to conduct a forensic investigation of the scope of the incident and to monitor for signs of information misuse. PowerSchool is not aware of any identity theft attributable to this incident.

GCPS takes the privacy of our students’ and employees’ information very seriously.  We will continue to monitor developments about PowerSchool’s response to their breach and how members of our community may have been impacted.

Jim Rieflin, Director of Technology

Gloucester County Public Schools

January 9, 2025 Update sent by SchoolMessenger to Parents and Employees

Dear GCPS Family,

We are writing to update you on a nationwide cybersecurity breach that has affected PowerSchool, the company that provides the district's student information system. PowerSchool recently discovered unauthorized access to its systems and is working to address the situation.

According to PowerSchool, an unauthorized party used a compromised PowerSchool maintenance account credential to access some user data and the platform's PowerSource tool's management console. The company has further shared that the breach was contained and no malware was involved.

PowerSchool informed district users that the compromised data is demographic and directory.  To our knowledge, no grades or other academic data was compromised. The company is now working to prevent any compromised data from further unauthorized access or misuse. The company believes this data has been deleted and will not be shared publicly.

It is worth noting that this breach is on PowerSchool's end and has not affected any of our other district systems. No Gloucester County Public Schools systems or credentials were compromised in this breach.

We recognize that GCPS families may have many questions; however, we do not have any additional information to share. PowerSchool has stated they will release further details and provide support in the coming days and weeks.  

This is a national problem affecting school districts throughout the state and beyond. Gloucester County Public Schools goes to great lengths to protect student and staff information and will continue to prioritize data security as a critical responsibility. Thank you for your attention to this important update.