A cyberattack late last year targeted PowerSchool, a cloud-based software program for schools that stores names, genders, addresses, health card numbers, emergency contact information, medical conditions and disciplinary records.Â
A cyberattack late last year targeted PowerSchool, a cloud-based software program for schools that stores names, genders, addresses, health card numbers, emergency contact information, medical conditions and disciplinary records.Â
A cyberattack late last year targeted PowerSchool, a cloud-based software program for schools that stores names, genders, addresses, health card numbers, emergency contact information, medical conditions and disciplinary records.Â
Student data obtained in a cyberattack that targeted the pc28¹ÙÍøDistrict School Board and others across North America was not destroyed — despite assurances that it had been — and another ransom demand has been made, families have been told.
In an email to parents and staff, pc28¹ÙÍødirector of education Clayton La Touche said that following the data breach late last December, PowerSchool “informed school boards that the data accessed by an unauthorized user had been deleted and that no copies of this data were posted online.”
However, PowerSchool — which provides cloud-based software — “has now confirmed that they have paid a ransom in an attempt to secure deletion of the impacted data. As with any such incident, there was a risk that the threat actors would not honour their commitment to delete the stolen data, despite assurances” and “earlier this week, (the board) was made aware that the data was not destroyed.”
ARTICLE CONTINUES BELOW
The pc28¹ÙÍøboard, along with others across the country and in the U.S., “received a communication from a threat actor demanding a ransom using data from the previously reported December 2024 incident.”
Hacked data goes back as far as 60 years, and affected millions of former and current students in 20 Ontario boards alone.
While the stolen personal information varies board to board, the pc28¹ÙÍøpublic board had no social insurance numbers or any financial information stored by PowerSchool.
The pc28¹ÙÍøboard said names, gender, birthdates, grades, medical conditions and health numbers were accessed as far back as 1985 but that sensitive information from school psychologists, social workers or speech language pathologists was not. The board says it’s working with police.
The Peel District School Board was also affected, with student information as far back as 1965, the Dufferin-Peel Catholic District School Board back to 2003, and the York Region District School Board from 2005 onwards.
No financial information or social insurance numbers were obtained.
PowerSchool — which previously said it had “received confirmation” that the stolen data was “securely destroyed” — is offering two years of free credit monitoring to those affected by the breach of PowerSchool’s Student Information System.
The boards have said they are not able to track down all former students affected, and cybersecurity experts have urged any current or former families of the boards to sign up for any credit and identity monitoring services offered.
“We appreciate that this news may be unsettling and understand the concern this may cause,” La Touche said in the email to parents. “We remain committed to working closely with PowerSchool, law enforcement and the Information and Privacy Commissioner of Ontario to provide support in any way we can.”
Kristin Rushowy is a Toronto-based reporter covering Ontario
politics for the Star. Follow her on Twitter: .
To join the conversation set a first and last name in your user profile.
Sign in or register for free to join the Conversation