PowerSchool Cybersecurity Incident

 

PowerSchool Cybersecurity Incident

 

January 28, 2025

Dear current and former APS families, students, and staff,

 

I am writing to you with an update about the recent cybersecurity incident experienced by PowerSchool, a software vendor which provides our Student Information System [SIS].  Both current and former families, staff, and students may have been impacted. If you are a family member of a previous student, please forward this message as appropriate, since we do not maintain students’ personal email addresses. All communications related to this matter are also posted on our website at https://www.avon.k12.ct.us/power_school_cybersecurity_incident.

In summary, Avon Public Schools was notified of the unauthorized acquisition of certain data stored within our PowerSchool SIS as a result of unauthorized access to PowerSchool's customer support platform. Avon was further advised that data belonging to many school districts across the country, including Avon, was impacted in the incident.  We have analyzed the impacted data and determined that Social Security numbers were not included as Avon Public Schools neither collects nor stores that information in PowerSchool. 

PowerSchool has recently announced they will be offering identity protection services for all adults whose information was involved and will also be offering credit monitoring services for all adult students and educators whose information was involved, regardless of whether an individual’s Social Security Number was impacted. PowerSchool will coordinate with Experian to provide notice via email to students (or their parents/guardians if the student is under 18) and educators whose information was impacted. PowerSchool will also launch a website and distribute a media release to ensure they reach as many involved individuals as possible and provide them with resources to protect their information.
PowerSchool has a frequently asked questions page available on their website.  Please visit https://www.powerschool.com/security/sis-incident/

for the latest information. We will continue to monitor PowerSchool's response to this situation.


January 15, 2025

Dear APS families, students, and staff,

I am writing to update you about the recent cybersecurity incident experienced by PowerSchool, a software vendor which provides our Student Information System. 

Avon Public Schools was notified on January 7, 2025 of the unauthorized acquisition of certain data stored within PowerSchool through PowerSchool's customer support platform. Avon was further advised that data belonging to many school districts across the country, including Avon, was impacted in the incident.  PowerSchool informed us that the incident only affected their Student Information System and none of their other products or services were impacted.

PowerSchool has assured us that the incident is contained, and the customer support credentials that were compromised leading to the unauthorized data acquisition have been deactivated. PowerSchool has also advised that they believe the impacted data has been deleted, and that no additional copies exist.

Avon Public Schools analyzed the impacted Avon data for the presence of personally identifiable information.  The impacted Avon data belongs to both past and present students and staff.  The data regarding students may include: student names, addresses, phone numbers, email addresses, dates of birth, and parent names.  The data regarding staff may include: staff names, addresses, phone numbers, and APS (not personal) email addresses. For both groups, Social Security numbers were not included as Avon Public Schools neither collects nor stores that information in PowerSchool. 

Importantly, this cybersecurity incident was outside the control of any individual school or our district. Avon Public Schools user credentials were not compromised nor used by the attacker in this incident.

PowerSchool has confirmed that it will provide consumer remediation services where required by law.  We are working with PowerSchool to identify and confirm what information related to APS specifically was impacted and to confirm the services that will be provided. Once complete we will work with PowerSchool to notify impacted individuals, as legally required.  For more information please visit PowerSchool’s website. Thank you for your understanding and patience as we navigate this challenging situation.  Once again, please know that we regret any worry or inconvenience that this may cause.

 

January 8, 2025

Avon Public Schools was notified by PowerSchool that there was unauthorized access to certain data through their customer support platform, and that many school districts across the country, including Avon’s data, were included in the breach.  PowerSchool provides information and data management services to school districts across the country.

PowerSchool has assured us that the breach is contained, and the credentials that were compromised have been deactivated. They do not anticipate the data being shared or made public, and they believe the data has been deleted and that no additional copies exist.

We will send further updates as we learn more about this incident.

Avon Public Schools takes the security of the information we maintain about our students, families, and staff very seriously.  Thank you for your understanding and partnership as we work through this together.