Quick Links
Skip to main contentSkip to navigation

Sutherland Public Schools

Main Navigation

District

Working...

Ajax Loading Image

 

Data Breach Notification - Feb 4, 2025

 

Dear Sutherland Families and Students, 

We are writing to share information about a data breach that has affected our school district  and many others around the state, nation, and globe. We have been notified by PowerSchool,  the company that provides the student information system used by our District, of a  cybersecurity incident affecting their systems. PowerSchool has informed us that this incident  involved unauthorized access to their data systems globally on December 22, 2024.  PowerSchool supports over 60 million students and over 18,000 customers worldwide. 

We want to share our current understanding of this incident and how it has affected Sutherland Public Schools’ students. This situation is concerning, and we are actively working to get more information through PowerSchool as it is provided, and we will share this information with you. 

Summary of events

On January 7, PowerSchool informed us that a threat actor compromised  their company-level security. The actor was able to use a PowerSchool remote support tool to access many districts’ data across multiple countries, including Sutherland Public Schools.  

PowerSchool has assured its customers the incident has been contained prior to any of the  stolen data being disseminated. Their response team has stated there is no evidence of  continued unauthorized activity and they have taken a number of security steps to protect  their clients. Our internal review of our system supports the timelines for unauthorized access presented by PowerSchool. 

What we know from PowerSchool: 

  • They do not anticipate that the data compromised will be shared or made public. PowerSchool contracted multiple vendors with expertise in this situation to help contain and respond to the threat. The response team believes the data accessed has been irrevocably destroyed without any replication or dissemination.  
  • PowerSchool said it did not experience a ransomware attack. 
  • They are working with a cybersecurity technology company to monitor the public  domain to ensure the data was not and will not be re-shared.
  • They are working with federal agencies to identify the actor(s) involved. 

What data was affected at Sutherland Public Schools?

This incident resulted in the downloading of student demographic data located in the Sutherland Public Schools PowerSchool system (including names, addresses, phone numbers, email addresses, student ID numbers, and dates of birth).  

The data did NOT include any passwords, credit card information, legal documents used during student registration, or other educational information about students. Student health records were NOT included, although if a health alert was included in a student’s demographic data (such as a food allergy) that may have been included.  

Social security numbers for some students, and some staff, were in this system. Again, PowerSchool has indicated that they believe all the data that was downloaded has been destroyed at this time. We have wiped the system of all Social Security numbers. 

What are PowerSchool’s next steps? 

We learned as much as we could in a webinar hosted by PowerSchool’s senior executives.  Information provided to us includes: 

  • PowerSchool will be providing credit monitoring to affected individuals in accordance with regulatory and contractual obligations, with more details to come as they continue their investigation.
  • They will keep us updated in the coming days and weeks. 

What are our next steps? 

  • Because no passwords were accessed for student, or parent portal accounts, and  because of the process we use to log in to PowerSchool, there is no need for password  changes in the district at this time. 
  • A major factor in this incident was the lack of multi-factor authentication (MFA) in  accessing the resource used to steal the data. Though the breach did not have anything  to do with user accounts here at Sutherland, it does highlight the ever increasing need to  use best practice to secure access to our systems. 

What steps should you take at this time?

While PowerSchool continues to investigate, we recommend the following precautionary measures and diligence: 

  • Monitor your district computer accounts: Keep a close eye on your accounts and report  any suspicious activity to SPS administration. 
  • Be cautious of phishing:  Be vigilant about unexpected emails or calls requesting personal or school information. 

We are working hard to do everything possible to prevent cybersecurity issues with the systems under our control, and we are deeply concerned this breach in the PowerSchool  global system compromised some of our data. When there is further guidance from PowerSchool or we receive other information, we will provide you with an update. 

Maintaining the trust and safety of our students, staff and families, is our highest priority. If you have any questions or concerns regarding this matter, please do not hesitate to contact me directly. 

Thank you for your understanding and continued support. 

 

Sincerely, 

Ted Classen

Superintendent 

Sutherland Public Schools