News

PowerSchool Cyber Incident

January 30, 2025

We are writing to provide an update on the cyber incident involving PowerSchool's Student Information System – the application used by 萝莉原创 (萝莉原创) and many school boards across North America to store certain student and staff information.

On Tuesday, January 7, 2025, PowerSchool informed school boards, including 萝莉原创, that a data breach occurred within their system.  At that time, based on information initially provided by PowerSchool, there was no indication that our data had been compromised. 

However, since then, PowerSchool has shared additional details regarding the breach.  Following a thorough analysis conducted by our cybersecurity team, we can now confirm that 萝莉原创 has been impacted by this incident. 

This incident has affected current and former students and staff. Please note that we will also be posting this notice on our website to notify 萝莉原创's former students and staff who may be affected.   

What Happened

On January 7th, PowerSchool informed 萝莉原创 and other school boards, both nationally and internationally,  that it had experienced a cyber incident.

Since then, we have been working with PowerSchool and conducting our own independent investigation, with the assistance of internal and external experts, to determine the precise information that was affected.

PowerSchool has reported that it received confirmation that the data acquired by the unauthorized user was deleted and that the data was not posted online.  Nevertheless, 萝莉原创 continues to take this incident very seriously, and is working with PowerSchool to ensure an incident like this does not happen again in the future.

What Information Was Affected

We have worked with PowerSchool and concluded our analysis and can confirm that limited student and staff information was impacted as part of this incident.

For all students enrolled at 萝莉原创 from September 1, 2015, to December 22, 2024, the information includes: student name, address, home phone number, date of birth, gender, grade, graduating year, date of student registration, parent/guardian name, parent/guardian email address, and Ontario Education Number. For most students, the data also included their emergency contact name and contact information, and school transfer information.

For a limited number of students enrolled from September 1, 2015, to December 22, 2024, the following additional information was also affected: medical alert information, doctor's name, doctor's number, locker number and locker combination.

With respect to medical alert information, if you provided information to your child's school about your child's allergies, medical conditions or injuries when completing the start of school year forms, this information was included in the data that may have been accessed or acquired.

This incident did not result in the compromise of any of the following information:

Financial information, health assessment information, student academic grades, and records included in our system provided to or by members of 萝莉原创's Student Support team (e.g. Psychological Services, Audiologist, Speech-Language Pathologists, and Social Workers), such as information related to Individual Placement Review Committee decisions (IPRCs), Individual Education Plans (IEPs) or accommodations.

For Teachers, and System Administrators (School Secretaries, System Principals, IT staff) who worked at 萝莉原创 from September 1, 2015, to December 22, 2024 and who have access to the PowerSchool student information system, affected data includes employee name, 萝莉原创 username, Board email address, and job title. For a small number of staff, home address and home phone number were also impacted.

Staff who do not have access to the PowerSchool student information system were not affected by this cyber incident (e.g. Support Staff such as Custodial staff, Maintenance staff, Student Support Professionals, and Lunchroom Supervisors).

To be clear, 萝莉原创 does not store any Social Insurance Numbers, financial, or banking information in the PowerSchool Student Information System, so that information was not affected in any way.

The Board has notified and is working with the  in responding to this incident. While you are entitled to file a complaint, the IPC has advised that it is not necessary as they are already investigating the matter. You can visit the IPC's website at .

Where Can I Find the Latest Information?

We will continue to provide additional updates as we receive them. Frequently Asked Questions (FAQ) can be found below, and we will continue to update the FAQs with any new or relevant information. You can also view  on their website.

At this time, there is no action for you to take.  Nevertheless, staff and families are reminded to be vigilant following the PowerSchool data breach. 

If you wish to have more information about this incident, we invite you to contact us at powerschoolincident@sgdsb.on.ca

We appreciate your patience and understanding, and sincerely regret any concern this has caused you.

Sincerely,

萝莉原创

Frequently Asked Questions

What happened? 

On December 28, 2024, PowerSchool, a third-party service provider used by the 萝莉原创 (萝莉原创), became aware of a cybersecurity incident involving unauthorized access to certain PowerSchool Student Information System (SIS) information.

On January 7, 2025, PowerSchool notified 萝莉原创 of the incident and that personal information of our students and educators may have been impacted. At that time, based on information initially provided by PowerSchool, there was no indication that our data had been compromised. 

However, since then, PowerSchool has shared additional details regarding the breach.  Following a thorough analysis conducted by our cybersecurity team, we can now confirm that 萝莉原创 has been impacted by this incident. 

What is PowerSchool?  

PowerSchool is a software company utilized by many school boards internationally to store a range of student information and a limited amount of school-based staff information.

Who was affected?

Many public boards and private schools across North America who use PowerSchool SIS were affected by this incident.

What data was accessed?

We have worked with PowerSchool to determine that the following information was affected:

For all students enrolled at 萝莉原创 from September 1, 2015, to December 22, 2024, the information includes: student name, address, home phone number, date of birth, gender, grade, graduating year, date of student registration, parent/guardian name, parent/guardian email address, and Ontario Education Number. For most students, the data also included their emergency contact name and contact information, and school transfer information.

For a limited number of students enrolled from September 1, 2015 to December 22, 2024, the following additional information was also affected: medical alert information, doctor's name, doctor's phone number, locker number and locker combination.

With respect to medical alert information, if you provided information to your child's school about your child's allergies, medical conditions or injuries when completing the start of school year forms, this information was included in the data that may have been accessed or acquired.

The following was NOT part of the data accessed:

  • Academic records.
  • Social insurance numbers, banking or financial information.
  • Records included in our system provided to or by members of 萝莉原创's Student Support team (e.g. Psychological Services, Audiologist, Speech-Language Pathologists, and Social Workers), such as information related to Individual Placement Review Committee decisions (IPRCs), Individual Education Plans (IEPs) or accommodations.

For Teachers, and System Administrators (School Secretaries, System Principals, IT staff) who worked at 萝莉原创 from September 1, 2015, to December 22, 2024, and who have access to the PowerSchool SIS system: 

  • Employee name
  • Employee number
  • 萝莉原创 username
  • 萝莉原创 email address

For a small number of teachers, administrators, school office staff, superintendents and department staff who worked at 萝莉原创 from 2015-2024 and who have access to the PowerSchool SIS system:

  • 萝莉原创 address
  • 萝莉原创 phone number

Please note that sensitive educator information, like financial information, was not compromised.

Other staff  

Staff who do not have access to the PowerSchool student information system were not affected by this cyber incident.  

What steps are you taking to prevent this from happening again?

Although this cyber incident did not take place in a 萝莉原创 environment, as part of our own investigation process, we are working with industry experts and using this incident as an opportunity to review our vendor retention practices and improve how we protect personal information. We are committed to continuously improving our systems and processes to safeguard the privacy of our community. We have many measures in place to protect student, staff, and family data and will continue to implement industry best-practices and provide extensive training for our staff.

Where can I learn more about the incident?

PowerSchool has  to share information, which includes steps they have taken to address this incident and protect student, family and educator information moving forward. 

Did the Board notify the Office of the Information and Privacy Commissioner?

Yes, the Board has notified and is working with the  in responding to this incident. While you are entitled to file a complaint, the IPC has advised that it is not necessary as they are already investigating the matter.

Was any credit card or banking information involved in this incident?

No. Both PowerSchool and the Board's own internal investigation can confirm that there is no evidence of any credit card or banking information being compromised. 

Is there any indication that compromised information has been released?

There is no evidence of the compromised information having been released at this time.

Why were you keeping my student data if I was no longer enrolled in the board?

We keep information about former students in accordance with provincial requirements under the Education Act and to respond to former student information requests. We are taking this opportunity to assess our records retention practices to ensure that we are only keeping what is necessary to conduct the Board's business.

I attended the 萝莉原创 many years ago. Was my information impacted?

Our PowerSchool SIS stores data for students who attended a 萝莉原创 school from 2015-2024. If you were a 萝莉原创 student prior to this, your information was not impacted as part of this incident. 

Is credit monitoring being provided?

PowerSchool has agreed to provide two years of credit monitoring and identity monitoring to all adult students and staff affected by this incident. Those who are still minors will be offered two years of identity monitoring. We expect to be issuing an update on this in the coming weeks.

Can I opt-out of PowerSchool?

Not at this time. 萝莉原创 is using this incident to review the information practices of all of its vendors.

Is the Board changing vendors?

Not at this time.

Were all PowerSchool products impacted?

No. Only PowerSchool SIS was impacted by this incident. Other PowerSchool tools were not impacted. 

I have additional questions not addressed by these FAQs.

A dedicated email address has been created where individuals can send any additional questions they may have.  Please send any additional questions to powerschoolincident@sgdsb.on.ca