PowerSchool Cybersecurity Incident
January 15, 2025
Dear APS families, students, and staff,
I am writing to update you about the recent cybersecurity incident experienced by PowerSchool, a software vendor which provides our Student Information System.
Avon Public Schools was notified on January 7, 2025 of the unauthorized acquisition of certain data stored within PowerSchool through PowerSchool's customer support platform. Avon was further advised that data belonging to many school districts across the country, including Avon, was impacted in the incident. PowerSchool informed us that the incident only affected their Student Information System and none of their other products or services were impacted.
PowerSchool has assured us that the incident is contained, and the customer support credentials that were compromised leading to the unauthorized data acquisition have been deactivated. PowerSchool has also advised that they believe the impacted data has been deleted, and that no additional copies exist.
Avon Public Schools analyzed the impacted Avon data for the presence of personally identifiable information. The impacted Avon data belongs to both past and present students and staff. The data regarding students may include: student names, addresses, phone numbers, email addresses, dates of birth, and parent names. The data regarding staff may include: staff names, addresses, phone numbers, and APS (not personal) email addresses. For both groups, Social Security numbers were not included as Avon Public Schools neither collects nor stores that information in PowerSchool.
Importantly, this cybersecurity incident was outside the control of any individual school or our district. Avon Public Schools user credentials were not compromised nor used by the attacker in this incident.
PowerSchool has confirmed that it will provide consumer remediation services where required by law. We are working with PowerSchool to identify and confirm what information related to APS specifically was impacted and to confirm the services that will be provided. Once complete we will work with PowerSchool to notify impacted individuals, as legally required. For more information please visit PowerSchool’s website. Thank you for your understanding and patience as we navigate this challenging situation. Once again, please know that we regret any worry or inconvenience that this may cause.
January 8, 2025
Avon Public Schools was notified by PowerSchool that there was unauthorized access to certain data through their customer support platform, and that many school districts across the country, including Avon’s data, were included in the breach. PowerSchool provides information and data management services to school districts across the country.
PowerSchool has assured us that the breach is contained, and the credentials that were compromised have been deactivated. They do not anticipate the data being shared or made public, and they believe the data has been deleted and that no additional copies exist.
We will send further updates as we learn more about this incident.
Avon Public Schools takes the security of the information we maintain about our students, families, and staff very seriously. Thank you for your understanding and partnership as we work through this together.