Skip to main content

Cybersecurity Incident Update—January 30

A detailed FAQ section can be found directly below this letter. 

PowerSchool%20Cybersecurity%20Update%20013025_Page_1-3.jpgPowerSchool%20Cybersecurity%20Update%20013025_Page_2-1.jpg

FREQUENTLY ASKED QUESTIONS

The Incident

What happened?

On January 7, 2025, PowerSchool informed RETSD that it had experienced a cybersecurity incident involving unauthorized access to certain customer information in late December 2024. RETSD is a customer of PowerSchool, like many other educational institutions across North America. PowerSchool provides a Student Information System (SIS).

PowerSchool also informed us that the unauthorized access included access to information related to RETSD. We await additional details from PowerSchool about the information involved and are committing to sharing details when we have them.

We have been informed that PowerSchool has contained the incident and that there is no evidence of malware or continued unauthorized activity in the PowerSchool environment. There have been no operational impacts on RETSD as a result of this incident.

Who did this and for what purpose?

This incident occurred at PowerSchool. We await additional details about the incident from PowerSchool. Unfortunately, organizations across the public and private sectors are increasingly being impacted by incidents like this.

How did you respond to the incident?

Upon becoming aware of the cybersecurity incident, RETSD has been working diligently to investigate, to request more details from PowerSchool and ask questions about the details it has provided to date. We have also been investigating this incident ourselves, with assistance from experts. We await additional details from PowerSchool about the information accessed as a result of this incident so we can take further action.

PowerSchool has informed us that it has taken various response actions, including containing the incident, informing law enforcement, investigating the incident, conducting a full internal password reset, and tightening passwords for all its internal accounts.

PowerSchool is in the process of notifying Canadian regulators about this incident. RETSD has already notified the Manitoba Ombudsman. PowerSchool has engaged Experian to offer two years of complimentary identity protection services for all students and educators whose information was involved. PowerSchool has also engaged TransUnion to offer two years of complimentary credit monitoring services for all students and educators whose information was involved and who have reached the age of majority. Starting in the next few weeks, PowerSchool will provide notice to students, parents/guardians, and educators whose information was involved, as well as a phone number to answer any questions they may have about the incident.

How long will the investigation take?

PowerSchool has advised it intends to provide additional details shortly. Once we have additional details from PowerSchool, we will seek to complete our investigation as quickly as possible.

Has the incident been resolved?

We have been informed that PowerSchool has contained the incident and that there is no evidence of malware or continued unauthorized activity in the PowerSchool environment. There have been no operational impacts on RETSD as a result of this incident.

The Response

Has law enforcement been notified?

Yes, PowerSchool has advised us that it has notified law enforcement.

Has the Manitoba Ombudsman been advised?

Yes, the Manitoba Ombudsman has been advised.

The Impact

Why did this happen to RETSD?

PowerSchool is a vendor used by many educational institutions in North America. We are a customer of PowerSchool and, as a result of the incident experienced by PowerSchool, we were impacted. We have no reason to believe that RETSD was a specific target in this incident.

The Data

Has information been accessed? Was information from RETSD exposed?

PowerSchool confirmed that there was unauthorized access to certain PowerSchool customer data, including data related to RETSD. PowerSchool’s investigation is ongoing, and we await additional details from PowerSchool about the information accessed as a result of the incident. We understand that you may be looking for additional details as well. Rest assured that when we have details to share, we are committed to sharing them.

Based on our own investigation to date of the information stored in our SIS, we can advise that no parent/guardian, staff, or student Social Insurance Number (SIN), banking, or credit card information has been identified as stored in our SIS. PowerSchool has nevertheless advised us that the identity protection and credit monitoring offers mentioned above will be sent to all individuals with any information involved.

image description
Back to top