PowerSchool Cybersecurity Incident Update
The following information has been pulled directly from the EIPS website here.
PowerSchool Cybersecurity Incident – Upcoming Notices
Feb. 4, 2025
In continued efforts to provide you with real-time and transparent information regarding the data breach involving PowerSchool (a software vendor used by Elk Island Public Schools), we are sharing an update on notices being sent out in relation to this incident and responses to frequently asked questions.
Starting the week of Feb. 11, 2025, we expect Experian will begin distributing direct email notifications (on behalf of PowerSchool) to EIPS students, parents/guardians and educators (as applicable) whose information was involved in the incident and for whom email contact information was available. The notice includes two years of complimentary identity protection services provided by Experian. For students and educators who are the age of majority, this offer will also include two years of complimentary credit monitoring services provided by TransUnion.
Additionally, PowerSchool has worked with Experian to set up a dedicated, toll-free call centre to answer any questions associated with both Experian and TransUnion’s offerings and the incident. All the information regarding the activation of and access to these services will be included in the emails sent to you by Experian. Whether or not you receive an email, you may also visit PowerSchool’s website to learn how to activate these offerings.
We care deeply about the welfare of our EIPS families and will continue to do everything we can to support you. Thank you again for your support and understanding during this time.
Frequently Asked Questions
Feb. 4, 2025
What solutions are being offered to impacted individuals?
PowerSchool has engaged TransUnion and Experian, trusted credit reporting agencies, to offer two years of complimentary identity protection services for all students and educators whose information was involved. This offer will also include two years of complimentary credit monitoring services for all students and educators whose information was involved and who have reached the age of majority.
The offered credit monitoring services, which will be available for those who have reached the age of majority, will be provided by TransUnion; the offered identity protection services, which will be available for all involved students and educators, will be provided by Experian. Credit monitoring is being provided by TransUnion because Experian does not offer credit monitoring in Canada.
I didn’t receive a notice but feel I should have?
The week of Feb. 11, 2025, PowerSchool will begin contacting current and former EIPS members for whom email addresses were available. Please check your junk mail in the event the letter may be misdirected to this folder.
If you do not receive an email, please follow this link to view a copy of the notification letter and to register for your complimentary identity protection services (for all students and educators) and credit monitoring services (for all students and educators who are the age of majority).
What happened?
On Jan 8, 2025, Elk Islands Public Schools was notified by PowerSchool—a third-party software vendor whose platform we, and many other schools in North America and around the world, use to store student and staff information—of a data breach.
Although the breach did not originate on EIPS' systems, as soon as we learned of this incident, we initiated our security protocols, including engaging cybersecurity specialists. Our daily operations have not been interrupted because of this incident and schools continue to operate as usual.
We've been informed by PowerSchool that the incident is contained and there is no evidence of continued unauthorized activity in the PowerSchool platform. We are not aware of any data misuse at this point. PowerSchool has advised it has received confirmation the data accessed by the unauthorized user has been deleted and that no copies of this data were posted online.
Are accounts through PowerSchool secure?
Usernames and passwords were not impacted in this breach.
Was financial information stolen?
We want to assure you that no financial information (including credit cards) was accessed or stored in PowerSchool. When EIPS parents or guardians make a payment, they are redirected to a separate payment platform via a secure link. PowerSchool cannot access financial information stored on this payment platform, nor does this payment platform share data back with PowerSchool. The recent data breach was limited to PowerSchool’s platform only.
Who is affected?
All current and former EIPS students who attended EIPS from 2009 onwards and current and former staff who had a PowerSchool account from 2009 onwards.
What data was impacted?
On Dec. 22, 2024, an unauthorized party accessed PowerSchool’s platform where we store student and staff information. EIPS has completed a thorough review of impacted data and can confirm the following data was accessed as a result of this incident:
- Students: name, date of birth, grade level, mailing address, Alberta Student Number, parent/guardian names, home phone number, graduation year and some emergency contact and medical information (for example, doctors' names and phone numbers)
- Staff: name, work email address, employee ID, PowerSchool username (firstname.lastname)
Note: Data taken for former students and staff would have been accurate as of the last time they were enrolled or employed with the Division, respectively.
Documents (for example, birth certificates) uploaded within PowerSchool were not impacted as a result of this incident.
Were photos accessed?
No staff or student photos were accessed in this incident.
What happens next?
We will be contacting guardians of currently enrolled students and current staff directly with a letter to share information about the incident and any recommendations on steps you can take to protect your and your child’s information. Students not currently enrolled and staff no longer employed who are impacted by this data breach are contacted through this website notice. If there are any important updates, we will release it through our website.
In the meantime, questions can be submitted via the Division website online contact form or directly with our school administration.