January 10, 2025
Please be aware of a recent cybersecurity incident involving PowerSchool, a software vendor which provides our Student Information System (SIS).
On Tuesday, January 7, 2025, PowerSchool informed our leadership team that they experienced a cybersecurity incident involving unauthorized access to certain PowerSchool SIS customer data. Unfortunately, they have confirmed that the information belongs to some of our families and educators.
PowerSchool informed us that the taken data primarily includes parent and student contact information with data elements such as name and address information. Across their customer base, they have determined that for a portion of individuals, some personally identifiable information (PII), such as medical alerts and custody alerts, was impacted. They are working with urgency to complete their investigation and determine whether PII belonging to our students was included.
We want to assure everyone that the following sensitive data was NOT accessed, NOR is the data stored in our student information system:
· Social Security numbers
· Credit card numbers
· Banking or other financial information
Protecting our students is something we take seriously. With PowerSchool’s help, more information and resources (including credit monitoring or identity protection services if applicable) will be provided to you as it becomes available.
What We Are Doing
We take this incident seriously and are taking the following actions:
· As a precaution, we are implementing a K-12 mandatory password reset for staff and students.
· We also encourage parents and caregivers to reset their PowerSchool password as well.
· Conducting a comprehensive review of our IT infrastructure.
How This Affects You
At this time, we believe there is no evidence of misuse of the accessed information. However, we encourage affected individuals to remain vigilant by monitoring their accounts and being cautious of phishing emails or other suspicious communications.
We apologize for this incident and the concern it may cause. Transparency and trust are our priorities, and we will keep our community updated as appropriate.
For More Information
For the latest updates, please visit this page regularly.
Thank you for your understanding and support as we work to ensure the safety of our community’s data.
Update: January 10, 2025 @ 4:00PM
Please click here to view PowerSchool's official breach notification.
Below are a few FAQs regarding the incident.
Did GCASD experience a data breach?
No. GCASD's systems were not breached. PowerSchool is a vendor of GCASD and it was PowerSchool who had an unauthorized party breach of its systems.
What Personal Information Was Accessed?
PowerSchool has informed GCASD that the nature of GCASD's data within PowerSchool’s system that was accessed may include sensitive student information such as names, addresses, demographic information, and/or protected health information. GCASD has also investigated what personal information was accessed during the breach and has determined that protected health information such as a medical diagnosis, injury, allergy information, or food sensitivity may also have been exposed. As previously mentioned, we can confirm that no social security numbers are stored in our student information system.
What Has PowerSchool Done to Remedy the Breach?
To date, PowerSchool has taken swift action to address the breach, including:
Engaging third-party cybersecurity experts and law enforcement to assist in their investigation.
Deactivating the compromised credentials and restricting access to the affected portal.
Implementing a complete password reset and enhanced access controls to prevent future incidents.
What Can You Do to Protect Yourself?
We strongly advise that you take preventive measures to help prevent and detect any misuse of your information. We recommend that you closely monitor your financial accounts and if you see any unauthorized activity, you should promptly contact your financial institution.
Additionally, you may want to contact the three U.S. credit reporting agencies (Equifax, Experian, and TransUnion) to obtain a free credit report from each by calling 1.877.322.8228 or by logging onto www.annualcreditreport.com.
Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Checking your credit reports periodically can help you spot a problem and address it quickly.