Powerschool Breach

POWERSCHOOL INCIDENT FAQs
On Dec. 28, 2024, PowerSchool, a third-party service provider used by Near North District School Board (NNDSB) became aware of a cybersecurity incident involving unauthorized access to certain PowerSchool Student Information System (SIS) information.
On Tuesday, Jan. 7, 2025, PowerSchool notified us of the incident and that personal information of our students and educators may have been impacted.
Many public boards and private schools across North America who use PowerSchool SIS were affected by this incident.
We have worked with PowerSchool to determine that the following Board information was affected:
Student information:
For all students who have been enrolled in NNDSB since Sept. 8, 2015, the information affected includes: student first name; student last name; student Ontario Education Number; enrolment start and end dates; last grade attended at NNDSB; student gender; student date of birth; student address.
For most students who have been enrolled since Sept. 8, 2015, the information affected includes: student home phone number; doctor’s phone number.
For some students who have been enrolled since Sept. 8, 2015, the information affected includes: medical alert information; guardian email address; student emergency contacts’ names and phone numbers; date of graduation.
For a very small number of students enrolled from Sept. 8, 2015, the following information was also affected: mother’s name; father’s name; summer school information (what school the student came from and will be attending).
With respect to medical alert information, if you provided information to your child’s school about your child’s allergies, medical conditions or injuries when completing the start of school year forms, this information was included in the data that may have been accessed or acquired.
Please note that medical information provided to members of NNDSB’s special education and/or mental health teams (e.g. psychologists, occupational therapists, physiotherapists, audiologists, speech-language pathologists, and social workers) was not impacted by this incident.
This incident did not result in the compromise of any of the following information: financial information; health assessment information; student academic grades (marks); students’ individual education plans; accommodations.
Staff information:
Any current or former employees of NNDSB who were employed at any time since Sept. 1, 2021, may have been affected. The information affected includes: employee identification number; first name; last name.
For a very small number of current or former employees of NNDSB who were employed at any time since Sept. 1, 2021, the information affected includes: middle name; home phone number; home address; city; preferred name.
Please note that sensitive staff information, like personal phone numbers, and financial information, was not compromised.
Although this cyber incident did not take place in a NNDSB environment, as part of our own investigative process, we are working with industry experts and using this incident as an opportunity to review our vendor retention practices and improve how we protect personal information.
PowerSchool has posted an FAQ on their website to share information, which includes steps they have taken to address this incident and protect student, family and educator information moving forward.
Yes, the Board has notified and is working with the Ontario Information and Privacy Commissioner in responding to this incident. While you are entitled to file a complaint, the IPC has advised that it is not necessary as they are already investigating the matter. You can visit the IPC’s website at www.ipc.on.ca.
No. Both PowerSchool and the Board’s own internal investigation can confirm that there is no evidence of any credit card or banking information being compromised.
PowerSchool has reported that it received confirmation that the data acquired by the unauthorized user was deleted and that the data was not posted online.
We keep information about former students in accordance with provincial requirements under the Education Act and to respond to former student information requests. We are taking this opportunity to assess our records retention practices to ensure that we are only keeping what is necessary to conduct the Board’s business.
Our PowerSchool SIS stores data for students who were enrolled or attended a NNDSB school from Sept. 8, 2015 onwards. If you were a NNDSB student prior to this, your information was not impacted as part of this incident.
Not at this time. NNDSB is using this incident to review the information practices of all of its vendors.
Not at this time.
No. Only PowerSchool SIS was impacted by this incident. Other PowerSchool tools, like SchoolMessenger were not impacted.
If you have additional questions, please contact us at PowerSchoolbreach@nearnorthschools.ca. You will receive an autoreply with a link to a form to be filled out so that staff can begin processing requests for information. Please understand that those who contact NNDSB regarding this incident will need to verify their identity before we can release information about the specific impact to their information.
Offer: Experian Identity Protection Services – Available to All Involved Students and Staff
Enrollment Instructions for Experian IdentityWorks
- Ensure that you enroll by May 30, 2025 (Your code will not work after this date at 5:59 UTC)
- Visit the Experian IdentityWorks website to enroll:
https://www.globalidworks.com/identity1
- Provide your activation code: MPRT987RFK
- For questions about the product or help with enrollment, please email globalidworks@experian.com
Details Regarding Your Experian IdentityWorks Membership
A credit card is not required for enrollment in Experian IdentityWorks. You can contact Experian immediately regarding any fraud issues, and have access to the following features once you enroll in Experian IdentityWorks:
- Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.
- Fraud Remediation Tips: Self-help tips are available on your member center.
Offer: TransUnion Credit Monitoring Services – Available to Involved Students and Staff Who have Reached the Age of Majority in their Applicable Province or Territory
Enrollment Instructions for TransUnion myTrueIdentity
- Please visit http://www.powerschool.com/security/canada-credit-monitoring/. There you will find a link to the validation website, https://CaCreditMonitoringValidationPage-PowerSchool.com/, where you will be prompted to validate your information by entering your first name, last name and year of birth.
- If your identity is validated, a pop up will appear that provides an activation code and provides you a link to TransUnion’s myTrueIdentity site to enroll.
Details Regarding your myTrueIdentity Membership
Upon completion of the online enrollment process, you will have access to the following TransUnion myTrueIdentity features:
- Unlimited online access to your TransUnion Canada credit report, updated daily. A credit report is a snapshot of your financial history and one of the primary tools leveraged for determining credit-related identity theft or fraud.
- Unlimited online access to your CreditVision® Risk credit score, updated daily. A credit score is a three-digit number calculated based on the information contained in your TransUnion Canada credit report at a particular point in time.
- Credit monitoring, which provides you with email notifications to key changes on your TransUnion Canada credit report. In today’s virtual world, credit alerts are a powerful tool to help protect you against identity theft, enable quick action against potentially fraudulent activity and provide you with additional reassurance.
- Access to online educational resources concerning credit management, fraud victim assistance and identity theft prevention.
- Access to Identity Restoration agents who are available to assist you with questions about identity theft. In the unlikely event that you become a victim of fraud; a personal restoration specialist will help to resolve any identity theft. This service includes up to $1,000,000 of expense reimbursement insurance.
- Dark Web Monitoring, which monitors surface, social, deep, and dark websites for potentially exposed personal, identity and financial information and helps protect you against identity theft.