PowerSchool Cybersecurity Incident 2024
Below are Frequently Asked Questions (FAQ) regarding PowerSchool's Cybersecurity Incident in December 2024. Questions will be updated as information becomes availble.
How was Bradley School District notified of this incident?
- Bradley School District recieved this document from PowerSchool several days after the incident occured.
- December 22, 2024 - Incident occured.
- December 28, 2024 - PowerSchool became aware of the situation.
- January 7, 2025 - PowerSchool notified all School Districts of the "a potential cybersecurity incident involving unauthorized access"
- January 9, 2025 - Webinar held by PowerSchool and attended by Director of Technolgy regarding the incident.
- January 15, 2025 - Initial community outreach letter sent by District #61
- January 27, 2025 - PowerSchool began the process of filing state attorneys general notifications across applicable U.S. jurisdictions on behalf of customers who did not opt-out of our offer to do so.
- January 29, 2025 - PowerSchool published Notice of Data Breach on their website for the public with information regarding credit monitoring for all users affected.
Who is at fault regarding this incident?
- PowerSchool is believed to be at fault regarding this incident as it was one of their internal accounts that was compromised.
- No Bradley School District accounts were compromised or used to maliciously export data.
Did PowerSchool violate SOPPA terms?
- The Student Privacy Data Consortium (SPDC) is currently investigating the fact that PowerSchool may have violated terms of the NDPA v1 and v2.
- SPDC will soon be releasing guidance on how schools and districts should approach when a vendor violates terms of the NDPA.
Will parent or student data be made public?
- PowerSchool stated in their initial communication with districts that they do not believe the data will be shared or misused and they believe all of it to have been deleted as stated below:
"Rest assured, we have taken all appropriate steps to prevent the data involved from further unauthorized access or misuse. We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination."
If you have further questions please email admin@bradleyschools.com