MAY 8, 2025

Re: Important Update Regarding PowerSchool Data Security

We wanted to provide an update of a recent development related to the cybersecurity incident PowerSchool experienced in December 2024.

PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident. PowerSchool does not believe this is a new incident.

Please be assured that both PowerSchool and Grande Yellowhead Public School Division (GYPSD) are taking this situation very seriously. PowerSchool has informed us they are working with cybersecurity experts to thoroughly assess this development and have reported it to law enforcement in both Canada and the United States.

As a reminder, following that incident PowerSchool also offered and made widely available credit monitoring and identity protection services for a period of two years to students and faculty regardless of whether they were individually involved. We encourage all those who were offered these services to take advantage of them:

• For individuals in Canada

As was reported earlier this year, PowerSchool made the decision to pay a ransom because they believed it to be in the best interest of their customers and the students and communities they serve. As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided PowerSchool.

At GYPSD, the safety and privacy of our staff, students, and families are paramount, thus we are committed to keeping our community informed as new information becomes available.

Please note that all questions in regards to the data breach are to still be directed to PowerSchool. You can find more information on their efforts and how to contact them here.

_____________________________________________________________________________________________________

MARCH, 24, 2025

Powerschool has begun sending notifications to all Educators, Parents and Guardians impacted by the recent security incident. Instructions on how to access the identity theft and credit monitoring protection services are embedded in the email. 

Please note that the email is coming from one of the below email addresses, the csid.com domain is from Experian, regarding the credit monitoring and identity protection services.

These are legitimate communications in relation to the Cybersecurity Incident, and should be whitelisted or flagged as not "spam":

Ps-sis-incident@mail.csid.com
Ps-sis-incident@mail1.csid.com
Ps-sis-incident@mail2.csid.com

Other Important Information.

If you have any questions or concerns about this notice, please call 833-918-7884, Monday through Friday, 8:00 am through 8:00 pm Central Time (excluding major US holidays).

_______________________________________________________________________________________________________

February 20, 2025 PowerSchool Update

Powerschool will be sending notifications to all Educators, Parents and Guardians impacted by the recent security incident. Pleae note that the email is coming from one of the below email addresses, the csid.com domain is from Experian, regarding the credit monitoring and identity protection services.

These are legitimate communications in relation to the Cybersecurity Incident and should be flagged as not "spam":

Ps-sis-incident@mail.csid.com
Ps-sis-incident@mail1.csid.com
Ps-sis-incident@mail2.csid.com

_____________________________________________________________________________________________________

January 13, 2025: PowerSchool SIS Update

Please see the attached letter from Superintendent Parsons in regards to the PowerSchool SIS Cyber Incident and its impact at GYPSD.

At GYPSD, the safety and privacy of our staff, students, and families are paramount. While no action is required from our staff, students, or families at this time, we are committed to keeping our community informed as new information becomes available.

Cyber security is everybody's responsibility. We encourage parents to take that advice and change their passwords and continue to monitor their accounts.#beCybersafe

Link to the PowerSchool notice to affected organizations.

January 14, 2025 Update: 

Further to the recent security incident involving PowerSchool, a software vendor which provides our Student Information System (SIS), we have concluded the analysis of our system at Grande Yellowhead Public School Division.

It was determined that within the Student Information System, the student and teacher information “tables” were downloaded by the threat. In those tables are information for all students registered in GYPSD since the 2010/11 school year.

Information includes:

• Names and contact information, including parents and emergency contacts

• Medical considerations (in some cases) such as details about asthma, diabetes, or allergies.

• Birthdates

None of the following information was impacted:

• Passwords of students or parents

• Financial information (finance system is different than our SIS (student information system)

• Documentation such as birth certificates, study visas, etc.

• Photos of students

• Social Insurance Numbers (We do not collect this information)
   

This system is used to communicate all student data with the government. Student and teacher accounts are deactivated when they leave the Division. PowerSchool does not anticipate the data will be shared or made public, and they believe it has been deleted without any further replication or dissemination. They have taken measures to contain the incident and have no evidence of malware or continued unauthorized activity in the PowerSchool environment. PowerSchool has since added additional security measures to prevent unauthorized access.

We are sharing the following best practices to families:

• Review email and social media accounts for unusual activity.

• Regularly update passwords for all accounts, especially if the same password has been used elsewhere.

• Use strong, unique passwords for each account, and consider a password manager for added security.

• Wherever possible, add an extra layer of security by enabling two-factor authentication.

• Watch for phishing attempts. Look for suspicious emails, calls, or messages pretending to be from legitimate organizations. Do not click on unfamiliar links or share personal information.

We do not require that you share any unusual activity with us at GYPSD; the above is a reminder about best practices on the use of social media and internet security. We will share any new information or resources with you if PowerSchool provides any new information or resources.

Thank you for your patience and understanding.

January 27, 2025, Updated Information for Canada Families, Educators, and Customers from PowerSchool

Information for potential individuals that may have been impacted by the recent PowerSchool breach is available from PowerSchool, including access to credit monitoring services if needed.

A FAQ document is also now available from the organization.

March 24, 2025 Update from PowerSchool

PowerSchool has begun sending email notifications to individuals affected by the breach. The email contains instructions on how to access identity protection and credit monitoring services.

Please note that all questions regarding these services should be directed to PowerSchool by calling 1-833-918-7884.