PowerSchool Security
Please read the FAQ page from PowerSchool.
Dear SDST Staff and Families,
On January 9, 2025 I shared a message with the community regarding a cybersecurity incident experienced by PowerSchool, our Student Information System. Today PowerSchool has provided additional information for those affected by the incident.
Information regarding the cybersecurity breach is now available on our district website within our Technology pages under the PowerSchool Security tab. We will keep this page updated and notify staff and families if and when further information is provided.
Should you have any questions or concerns regarding this incident or the security of your personal information, please contact our Director of Technology, Mr. Brandon Lutz, at brandon_lutz@sdst.org.
Thank you.
MaryJo Yannacone, Ed.D.
Superintendent
Dear SDST Staff and Families,
This letter is to inform district staff and families of a cybersecurity incident involving PowerSchool, our Student Information System, and its impact on data provided by our district to them.
On January 7th, 2025 PowerSchool notified member districts of a cybersecurity incident potentially affecting member school districts. Since being notified, our technology team has been investigating the data breach and communicating with our MCIU and regional colleagues to fully understand the impact to our records. As PowerSchool is the Student Information System for thousands of school districts, coordinated efforts are underway to investigate the scope of the incident and assist member districts in notifying those affected.
According to PowerSchool, a compromised credential of one of their support accounts was used to extract information from multiple customer’s datasets, in which our data was included. When PowerSchool became aware of the incident, they notified law enforcement, locked down their systems and support accounts, and engaged the services of multiple cybersecurity firms. While their investigation is ongoing, there is currently no evidence that the data has been misused or shared publicly. PowerSchool states that they have received “reasonable assurances from the threat actor that the data has been deleted and that no additional copies exist.”
Upon being notified of the data breach, our Technology team conducted an internal audit and provided a full report on Wednesday afternoon to me, which I have shared with our Board of School Directors, insurance carrier, and solicitor.
In Springfield Township, there are several key points for staff and families today:
- Our internal network at SDST was not breached as our PowerSchool software is hosted in the cloud, separate from our on-site systems. We believe our systems and data are secure but we will continue internal monitoring for the impact of this data breach.
- We do not recommend any actions regarding this incident by families or staff members, nor do we believe any further actions are necessary.
- We will continue to verify with PowerSchool any and all corrective actions being taken to eliminate cybersecurity risks in the future.
I understand that this information can be alarming to our staff and families. The security of your personal information and all information held by the school district is of the utmost importance to us. For more information and resources related to cybersecurity in our district, please visit the Cybersecurity page of our website.
We anticipate the release of an FAQ by PowerSchool shortly. Once received, we will provide it to all staff and families. In the interim, I felt it was important to notify our community now with the information we have at this time. Questions regarding this cybersecurity incident should be emailed to our Director of Technology, Mr. Brandon Lutz, at brandon_lutz@sdst.org.
Thank you.
MaryJo Yannacone
MaryJo Yannacone, Ed.D.
Superintendent