ÌðÐÄÖ±²¥

    PowerSchool Data Breach Updates

    Frequently Asked Questions (FAQs)

    The Incident

    What happened?

    On January 7, 2025, PowerSchool informed ÌðÐÄÖ±²¥ that it had experienced a cybersecurity incident involving unauthorized access to certain customer information in late December 2024. ÌðÐÄÖ±²¥ is a customer of PowerSchool, like many other educational institutions across North America. PowerSchool provides a Student Information System (SIS).

    PowerSchool also informed us that the unauthorized access included access to information related to ÌðÐÄÖ±²¥. We await additional details from PowerSchool about the information affected and are committing to sharing details when we have them.

    We have been informed that PowerSchool has contained the incident and that there is no evidence of malware or continued unauthorized activity in the PowerSchool environment. There have been no operational impacts on ÌðÐÄÖ±²¥ as a result of this incident.

    Who did this and for what purpose?

    This incident occurred at PowerSchool. We await additional details about the incident from PowerSchool. Unfortunately, organizations across the public and private sectors are increasingly being impacted by incidents like this. 

    How did you respond to the incident?

    Upon becoming aware of the cybersecurity incident, ÌðÐÄÖ±²¥ has been working diligently to investigate, to request more details from PowerSchool, and ask questions about the details it has provided to date. We have also been investigating this incident ourselves, with assistance from experts. We await additional details from PowerSchool about the information accessed as a result of this incident so we can take further action. 

    PowerSchool has informed us that it has taken various response actions, including containing the incident, informing law enforcement, investigating the incident, conducting a full internal password reset, and tightening password security for all of its internal accounts.

    PowerSchool is in the process of notifying Canadian regulators about this incident. (ÌðÐÄÖ±²¥ has already notified the Manitoba Ombudsman.) PowerSchool has engaged Experian to offer two years of complimentary identity protection services for all students and educators whose information was involved. PowerSchool has also engaged TransUnion to offer two years of complimentary credit monitoring services for all students and educators whose information was involved and who have reached the age of majority. Starting in the next few weeks, PowerSchool will provide notice to students, parents/guardians, and educators whose information was involved, as well as a phone number to answer any questions they may have about the incident. 

    How long will the investigation take?

    PowerSchool has advised it intends to provide additional details shortly. Once we have additional details from PowerSchool, we will seek to complete our investigation as quickly as possible.

    Has the incident been resolved?

    We have been informed that PowerSchool has contained the incident and that there is no evidence of malware or continued unauthorized activity in the PowerSchool environment. There have been no operational impacts on ÌðÐÄÖ±²¥ as a result of this incident.

    The Response

    Has law enforcement been notified?

    Yes, PowerSchool has advised us that it has notified law enforcement.

    Has the Manitoba Ombudsman been advised?

    Yes, the Manitoba Ombudsman has been advised.

    The Impact

    Why did this happen to ÌðÐÄÖ±²¥?

    PowerSchool is a vendor used by many educational institutions in North America. We are a customer of PowerSchool and, as a result of the incident experienced by PowerSchool, we were impacted. We have no reason to believe that ÌðÐÄÖ±²¥ was a specific target in this incident.

    The Data

    Has information been accessed? Was information from ÌðÐÄÖ±²¥ exposed?

    PowerSchool confirmed that there was unauthorized access to certain PowerSchool customer data, including data related to ÌðÐÄÖ±²¥. PowerSchool’s investigation is ongoing and we await additional details from PowerSchool about the information accessed as a result of the incident. We understand that you may be looking for additional details as well. Rest assured that when we have details to share, we are committed to sharing them.

    Based on our own investigation to date of the information stored in our SIS, we can advise that, except for 12 individuals whose Social Insurance Number (SIN) were identified as stored in our SIS, no parent/guardian, staff, or student SIN, banking, or credit information has been identified as stored in our SIS. PowerSchool has nevertheless advised us that the identity protection and credit monitoring offers mentioned above will be sent to all individuals with any information involved. With respect to the 12 individuals whose SINs were identified as stored in our SIS, it is not yet known if these were involved in the incident. We have nevertheless already contacted the individuals whose SIN was identified as stored in our SIS out of an abundance of caution and provided two years of complimentary credit monitoring services offered by TransUnion. If you did not receive a notice from us stating that your SIN was stored in our SIS, then we have NOT identified your SIN as stored in our SIS

    January 30, 2025 

    Dear ÌðÐÄÖ±²¥ (ÌðÐÄÖ±²¥) Community, 

    We are writing to provide an update about the cybersecurity incident that PowerSchool, our student information system (SIS) provider, recently experienced. 

    We appreciate that more details about this incident that is impacting educational institutions across North America are needed. We have been working diligently to request more details from PowerSchool and ask questions about the details it has provided to date. We have also been investigating this incident ourselves, with assistance from experts. 

    While PowerSchool has advised that its investigation is still ongoing, it has provided some additional details and next steps: 

    • Identity Protection and Credit Monitoring Services: PowerSchool has engaged Experian to offer two years of complimentary identity protection services for all students and educators whose information was involved. PowerSchool has also engaged TransUnion to offer two years of complimentary credit monitoring services for all students and educators whose information was involved and who have reached the age of majority. 
    • Notification to Individuals Involved: Starting in the next few weeks, PowerSchool will provide notice to students, parents/guardians, and educators whose information was involved, as well as a phone number to answer any questions they may have about the incident. The notice will include the identity protection and credit monitoring services offered, as mentioned above. 
    • PowerSchool is in the process of notifying Canadian regulators about this incident. (ÌðÐÄÖ±²¥ has already notified the Manitoba Ombudsman.)  
    • You may visit for up-to-date information on the incident.

    Based on our own investigation to date of the information stored in our SIS, we can advise that, except for 12 individuals whose Social Insurance Number (SIN) were identified as stored in our SIS, no parent/guardian, staff, or student SIN, banking, or credit information has been identified as stored in our SIS. PowerSchool has nevertheless advised us that the identity protection and credit monitoring offers mentioned above will be sent to all individuals with any information involved. With respect to the 12 individuals whose SINs were identified as stored in our SIS, it is not yet known if these were involved in the incident. We have nevertheless already contacted the individuals whose SIN was identified as stored in our SIS out of an abundance of caution and provided two years of complimentary credit monitoring services offered by TransUnion. If you did not receive a notice from us stating that your SIN was stored in our SIS, then we have NOT identified your SIN as stored in our SIS.

    We await additional details from PowerSchool about the findings of its investigations, the information involved in this incident, and the timing of the notices it will send. We will provide you with a further update on this when available. Rest assured that when we have details to share, we are committed to sharing them. 

    There continue to be no operational impacts on ÌðÐÄÖ±²¥ as a result of this incident. PowerSchool has assured us that the incident has been contained. 

    In ÌðÐÄÖ±²¥, we take cybersecurity and protecting information seriously. We will post updates about the PowerSchool cybersecurity incident on our website and social media accounts. We have provided on our website some answers to questions you may have. If you have any additional questions, they can be directed to . 

    Thank you for your continued understanding and patience as we navigate this situation. 

    Regards,

    Christian Michalik

    Superintendent & CEO

    January 13, 2025

    Dear ÌðÐÄÖ±²¥ (ÌðÐÄÖ±²¥) community, 

    We are writing to provide a brief update about the cybersecurity incident that PowerSchool, our student information system provider, recently experienced.

    PowerSchool’s investigation is ongoing and we await additional details from PowerSchool about the information accessed as a result of the incident. We share your concerns about this incident that is impacting educational institutions across North America. We also understand that you may be looking for additional details as well. Rest assured that when we have details to share, we are committed to sharing them.

    There have been no operational impacts on ÌðÐÄÖ±²¥ as a result of this incident. PowerSchool has assured us that the incident has been contained.

    In ÌðÐÄÖ±²¥, we take cybersecurity and protecting information seriously. We will post updates about the PowerSchool cybersecurity incident on our website and social media accounts. We have provided below and on our website some answers to questions you may have. If you have any additional questions, they can be .

    Thank you for your understanding and patience as we navigate this situation.

    Regards,

    Christian Michalik
    Superintendent & CEO

    January 8, 2025

    Dear ÌðÐÄÖ±²¥ (ÌðÐÄÖ±²¥) community, 

    We are writing to inform you that on January 7, 2025, ÌðÐÄÖ±²¥ was notified by our student information system (SIS) provider, PowerSchool, that a cybersecurity event had occurred in late December and that some of our PowerSchool data was accessed.

    PowerSchool, not ÌðÐÄÖ±²¥, was the target of the cybersecurity event. PowerSchool customers across Canada and the United States have been impacted, including ÌðÐÄÖ±²¥. 

    To this point, PowerSchool has worked with cybersecurity experts to resolve the situation. PowerSchool has provided us with assurances that the accessed data has now been deleted. Furthermore, PowerSchool has confidence that the data was not copied or uploaded elsewhere. PowerSchool is actively engaged with cybersecurity professionals to continue to monitor this event.

    ÌðÐÄÖ±²¥ has taken the necessary preliminary steps to respond to this situation, which includes involving the appropriate professionals. No other school division systems or data was accessed or compromised.

    We are currently investigating the impact of this cybersecurity event in ÌðÐÄÖ±²¥. At this time, we believe that the data accessed included some specific personal information of students and the name and email address of ÌðÐÄÖ±²¥ staff who are PowerSchool users. 

    Please be assured that the safety and security of our data—particularly the information of your children and of our staff is of paramount importance to us and to PowerSchool. We regret that this has occurred, and we will continue to collaborate on this matter.

    It is our commitment to you to continue to communicate. As information becomes available, we will be updating on this page. If you have any questions, please direct them to communications@lrsd.net.

    Regards,

    Ron Cadez

    Acting Superintendent while Christian Michalik is away from the office