On Dec. 28, 2024, PowerSchool, a third-party service provider used by Near North District School Board (NNDSB) became aware of a cybersecurity incident involving unauthorized access to certain PowerSchool Student Information System (SIS) information.

On Tuesday, Jan. 7, 2025, PowerSchool notified us of the incident and that personal information of our students and educators may have been impacted.

Many public boards and private schools across North America who use PowerSchool SIS were affected by this incident.

We have worked with PowerSchool to determine that the following Board information was affected:

Student information:

For all students who have been enrolled in NNDSB since Sept. 8, 2015, the information affected includes: student first name; student last name; student Ontario Education Number; enrolment start and end dates; last grade attended at NNDSB; student gender; student date of birth; student address.

For most students who have been enrolled since Sept. 8, 2015, the information affected includes: student home phone number; doctor’s phone number.

For some students who have been enrolled since Sept. 8, 2015, the information affected includes: medical alert information; guardian email address; student emergency contacts’ names and phone numbers; date of graduation.

For a very small number of students enrolled from Sept. 8, 2015, the following information was also affected: mother’s name; father’s name; summer school information (what school the student came from and will be attending).

With respect to medical alert information, if you provided information to your child’s school about your child’s allergies, medical conditions or injuries when completing the start of school year forms, this information was included in the data that may have been accessed or acquired.

Please note that medical information provided to members of NNDSB’s special education and/or mental health teams (e.g. psychologists, occupational therapists, physiotherapists, audiologists, speech-language pathologists, and social workers) was not impacted by this incident.

This incident did not result in the compromise of any of the following information: financial information; health assessment information; student academic grades (marks); students’ individual education plans; accommodations.

Staff information:

Any current or former employees of NNDSB who were employed at any time since Sept. 1, 2021, may have been affected. The information affected includes: employee identification number; first name; last name.

For a very small number of current or former employees of NNDSB who were employed at any time since Sept. 1, 2021, the information affected includes: middle name; home phone number; home address; city; preferred name.

Please note that sensitive staff information, like personal phone numbers, and financial information, was not compromised.

Although this cyber incident did not take place in a NNDSB environment, as part of our own investigative process, we are working with industry experts and using this incident as an opportunity to review our vendor retention practices and improve how we protect personal information.

PowerSchool has posted an FAQ on their website to share information, which includes steps they have taken to address this incident and protect student, family and educator information moving forward.

Visit: https://www.powerschool.com/security/sis-incident/

Yes, the Board has notified and is working with the Ontario Information and Privacy Commissioner in responding to this incident. While you are entitled to file a complaint, the IPC has advised that it is not necessary as they are already investigating the matter. You can visit the IPC’s website at www.ipc.on.ca.

No. Both PowerSchool and the Board’s own internal investigation can confirm that there is no evidence of any credit card or banking information being compromised.

PowerSchool has reported that it received confirmation that the data acquired by the unauthorized user was deleted and that the data was not posted online.

We keep information about former students in accordance with provincial requirements under the Education Act and to respond to former student information requests. We are taking this opportunity to assess our records retention practices to ensure that we are only keeping what is necessary to conduct the Board’s business.

Our PowerSchool SIS stores data for students who were enrolled or attended a NNDSB school from Sept. 8, 2015 onwards. If you were a NNDSB student prior to this, your information was not impacted as part of this incident.

Not at this time. NNDSB is using this incident to review the information practices of all of its vendors.

Not at this time.

No. Only PowerSchool SIS was impacted by this incident. Other PowerSchool tools, like SchoolMessenger were not impacted.

If you have additional questions, please contact us at PowerSchoolbreach@nearnorthschools.ca. You will receive an autoreply with a link to a form to be filled out so that staff can begin processing requests for information. Please understand that those who contact NNDSB regarding this incident will need to verify their identity before we can release information about the specific impact to their information.