PowerSchool Cybersecurity Incident

This page exists to provide you a centralized location to find updates, information, and announcements about the nationwide PowerSchool Data Breach.

Permanent Items

Please use the link below to read the latest authoritative information from PowerSchool about the PowerSchool Cybersecurity Incident Data Breach. https://www.powerschool.com/security/sis-incident
It is not the practice of Gloucester County Public Schools to collect nor store the Social Security numbers of students or employees.
No GCPS system or network was compromised in this attack. The Cybersecurity incident occurred entirely and only in the PowerSchool Student Information System (SIS) which is hosted by PowerSchool.
PowerSchool has contracted with the Experian credit reporting service to attempt to contact, by EMail, those individuals (students, parents, and/or employees) who were impacted by the Cybersecurity incident directly beginning, or shortly after, January 28, 2025.
Who can you call to ask questions? Experian has set up a toll-free call center at 833-918-9464 dedicated to answering any questions regarding the incident for impacted individuals and about about the 2 years of monitoring offered by PowerSchool.
GCPS has learned that some GCPS impacted individuals received emails from Experian starting around February 25th. These emails are being sent from Experian and are sent from the following email address: Ps-sis-incident@mail1.csid.com .
How do you sign up for identity protection/credit monitoring services? Follow this link which contains instructions regarding identity protection services and credit monitoring: https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/ . Be sure to sign up for the offered services using the Activation code by May 31, 2025.

March 7, 2025 PowerSchool Reiterates link to sign up for Credit Monitoring

How do I sign up for identity protection services and credit monitoring services?

For individuals who reside in the U.S., you can find more information on identity protection services and credit monitoring here: https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/

March 7, 2025 PowerSchool releases the CrowdStrike Incident Report

CrowdStrike Incident Report

PowerSchool engaged CrowdStrike, an industry leading cybersecurity expert, as soon as we became aware of the incident. After a thorough investigation, CrowdStrike has submitted its final incident report which you can read here: Click Here to read the CrowdStrike report.

CrowdStrike did not identify any new or concerning findings beyond what we already shared; these findings include:

The Threat Actor accessed PowerSource, a community-focused customer support portal, using a single compromised credential.
The Threat Actor’s activities were limited to exfiltration of select PowerSchool SIS instances of Students and Teachers tables.
CrowdStrike’s Recon+ Intelligence service has not identified any evidence of this exfiltrated information available for sale or download.
CrowdStrike found no evidence of system-layer access or malware associated with this incident.
CrowdStrike found no other PowerSchool products were compromised.
While the PowerSource environment experienced unauthorized activity prior to December, PowerSchool believes that the data exfiltration occurred in late December.

March 7, 2025 PowerSchool holds an informational update meeting which was open to all Virginia customers

PowerSchool held an informational update meeting with Virginia users of PowerSchool. This meeting was attended by multiple GCPS staff members. This was the first significant update provided by PowerSchool since January 29th when Powerschool indicated that the next steps would take several weeks to initiate and complete.

Approximately February 25, 2025 PowerSchool begins sending email messages to impacted GCPS Individuals.

PowerSchool has begun sending directions on registering for Identity Protection/Credit Monitoring. We have been told that the message may look like spam to your email provider so please check your spam folder if you do not see one in your email inbox. The GCPS Technology Department confirms that the email referenced below is legitimate.

The email will come "From: PowerSchool" with the sender email address: Ps-sis-incident@mail1.csid.com . The notification will include a link and an Authorization code for Experian Identity Works Please note that the web domain: csid.com is an Experian domain.

As PowerSchool will likely not be able to contact all impacted persons, please see a copy of that email below with the user's name removed.

Approximately February 25, 2025 - Full copy of Email message sent by PowerSchool/Experian to impacted GCPS Individuals.

Dear PowerSchool User or Parent / Guardian of User:

You are receiving this notice on behalf of your GCPS Student from PowerSchool. As you may know, PowerSchool provides software and services to your current or former school or the current or former school of a person to whom you are a parent or guardian. In compliance with State laws, we are writing to share with you some important information regarding a recent cybersecurity incident involving personal information belonging to the named individual.

What Happened?

On December 28, 2024, PowerSchool became aware of a cybersecurity incident involving unauthorized exfiltration of certain personal information from PowerSchool Student Information System (SIS) environments through one of our community-focused customer support portals.

What Information Was Involved?

Due to differences in customer requirements, the types of information involved in this incident included one or more of the following, which varied by person: name, contact information, date of birth, Social Security Number, limited medical alert information, and other related information.

What Are We Doing?

PowerSchool is offering two years of complimentary identity protection services to students and educators whose information was involved. For adult students and educators whose information was involved, this offer will also include two years of complimentary credit monitoring services.

If your personal information was involved in this incident and you are interested in enrolling in credit monitoring or identity protection, please follow the steps for either Option 1 or Option 2 below:

Option 1: If the Individual is Under 18

Enrollment Instructions

· Ensure that you enroll by May 30, 2025 (Your code will not work after this date at 5:59 UTC)

· Visit the Experian IdentityWorks website to enroll: https://www.experianidworks.com/minorplus

Provide your activation code: CEBP456TRK
For over the phone assistance with enrollment or questions about the product, please contact Experian’s customer care team at 833-918-9464
Be prepared to provide engagement number B138813

Details Regarding Your Experian Identityworks Credit Plus Membership

A credit card is not required for enrollment in Experian IdentityWorks. You can contact Experian immediately regarding any fraud issues, and have access to the following features once you enroll in Experian IdentityWorks:

· Social Security Number Trace: Monitoring to determine whether enrolled minors in your household have an Experian credit report. Alerts of all names, aliases and addresses that become associated with your minor’s Social Security Number (SSN) on the Experian credit report.

· Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.

· Identity Restoration: Identity Restoration agents are immediately available to help you address credit and non-credit related fraud.

· Experian IdentityWorks ExtendCARE^TM: You receive the same high-level of Identity Restoration support even after your Experian IdentityWorks membership has expired.

· $1 Million Identity Theft Insurance**: Provides coverage for certain costs and unauthorized electronic fund transfers.

Option 2: If the Individual is 18 or Over

Enrollment Instructions

· Ensure that you enroll by May 30, 2025 (Your code will not work after this date at 5:59 UTC)

· Visit the Experian IdentityWorks website to enroll: https://www.experianidworks.com/plus

· Provide your activation code: CTYU949PRK

· For over the phone assistance with enrollment or questions about the product, please contact Experian’s customer care team at 833-918-9464

· Be prepared to provide engagement number B138812

Details Regarding Your Experian Identityworks Credit Plus Membership

· Experian credit report at signup: See what information is associated with your credit file. Daily credit reports are available for online members only.*

· Credit Monitoring: Actively monitors Experian file for indicators of fraud.

· Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.

· Identity Restoration: Identity Restoration agents are immediately available to help you address credit and non-credit related fraud.

· Experian IdentityWorks ExtendCARE^TM: You receive the same high-level of Identity Restoration support even after your Experian IdentityWorks membership has expired.

· $1 Million Identity Theft Insurance**: Provides coverage for certain costs and unauthorized electronic fund transfers.

As soon as PowerSchool learned of the incident, we engaged cybersecurity response protocols and mobilized senior leadership and third-party cybersecurity experts to conduct a forensic investigation of the scope of the incident and to monitor for signs of information misuse. We are not aware at this time of any identity theft attributable to this incident.

What Can You Do?

You are encouraged to remain vigilant against incidents of identity theft and fraud by reviewing account statements for suspicious activity. PowerSchool will never contact you by phone or email to request your personal or account information. The enclosed “General Information About Identity Theft Protection” provides further information about what steps you can take.

Other Important Information.

If you have any questions or concerns about this notice, please call 833-918-9464, Monday through Friday, 8:00am through 8:00pm Central Time (excluding major US holidays).

Sincerely,

The PowerSchool Team

^* Offline members will be eligible to call for additional reports quarterly after enrolling.

^** The Identity Theft Insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.

February 2, 2025 PowerSchool enhances upgrades PowerSchool SIS with updated security settings

PowerSchool regularly provides and manages updates to the PowerSchool SIS system. An upgrade over this weekend provided

Improvements in the remote support module which allow school divisions to more tightly control PowerSchool's remote access to the SIS.
Improvements to the data security for graduated students

January 29, 2025 PowerSchool posts a nationwide "Notice of Data Breach"

To remain compliant with state laws PowerSchool posts a nationwide "Notice of Data Breach" so that all persons impacted by the PowerSchool data breach can be made aware of the data breach. Please read this "US Notice of Data Breach."

For more details on PowerSchools provision of 2 year credit monitoring and identity protection, including enrollment instructions and steps to take if you believe you are a victim of identity theft in this Data Breach, please visit: https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/

January 24, 2025 Update sent by SchoolMessenger to Parents and Employees

National PowerSchool Incident – Update 1/24/2025

Dear GCPS families and employees:

On January 9^th Gloucester County Public School (GCPS) sent GCPS families and employees a notice of the Nationwide cybersecurity breach that affected PowerSchool, the company that provides GCPS with its Student Information System (SIS).

We are writing today to provide up to date information shared from PowerSchool to GCPS including the official PowerSchool website which provides authoritative and timely updates about the PowerSchool SIS breach and important action steps that PowerSchool is taking.

We encourage you to visit the official PowerSchool incident web page which is dedicated to providing the most up to date and accurate information about their data breach and their response to the data breach at: https://www.powerschool.com/security/sis-incident .

That website includes information that we recently received directly from PowerSchool:

· Notification to Individuals Involved: Starting in the next few weeks, in collaboration with Experian, PowerSchool will provide notice to students (or their parents / guardians if the student is under 18) and educators whose information was involved, as well as a phone number to answer any questions you may have about the incident. The notice will include the identity protection and credit monitoring services offer (as applicable).

· Identity Protection and Credit Monitoring Services: PowerSchool has engaged Experian, a trusted credit reporting agency, to offer two years of complimentary identity protection services for all students and educators whose information from our PowerSchool SIS was involved. This offer will also include two years of complimentary credit monitoring services for all adult students and educators whose information was involved.

· As soon as PowerSchool learned of the incident, they engaged cybersecurity response protocols and mobilized senior leadership and third-party cybersecurity experts to conduct a forensic investigation of the scope of the incident and to monitor for signs of information misuse. PowerSchool is not aware of any identity theft attributable to this incident.

GCPS takes the privacy of our students’ and employees’ information very seriously. We will continue to monitor developments about PowerSchool’s response to their breach and how members of our community may have been impacted.

Jim Rieflin, Director of Technology

Gloucester County Public Schools

January 9, 2025 Update sent by SchoolMessenger to Parents and Employees

Dear GCPS Family,

We are writing to update you on a nationwide cybersecurity breach that has affected PowerSchool, the company that provides the district's student information system. PowerSchool recently discovered unauthorized access to its systems and is working to address the situation.

According to PowerSchool, an unauthorized party used a compromised PowerSchool maintenance account credential to access some user data and the platform's PowerSource tool's management console. The company has further shared that the breach was contained and no malware was involved.

PowerSchool informed district users that the compromised data is demographic and directory. To our knowledge, no grades or other academic data was compromised. The company is now working to prevent any compromised data from further unauthorized access or misuse. The company believes this data has been deleted and will not be shared publicly.

It is worth noting that this breach is on PowerSchool's end and has not affected any of our other district systems. No Gloucester County Public Schools systems or credentials were compromised in this breach.

We recognize that GCPS families may have many questions; however, we do not have any additional information to share. PowerSchool has stated they will release further details and provide support in the coming days and weeks.

This is a national problem affecting school districts throughout the state and beyond. Gloucester County Public Schools goes to great lengths to protect student and staff information and will continue to prioritize data security as a critical responsibility. Thank you for your attention to this important update.