Latest news with #PowerSource
CBC
12-02-2025
- CBC
Alberta privacy commissioner investigating PowerSchool data breaches
Alberta's privacy watchdog is investigating more than 30 data breaches from Alberta schools stemming from the PowerSchool cyberattack, the provincial government said in a news release Wednesday. PowerSchool, a cloud-based software platform used in K-12 education, was hit by a cyberattack in late December that accessed data held by some North American schools, including in Alberta. The company started issuing notices last month to individuals whose information was breached. The Office of the Information and Privacy Commissioner (OIPC) has started reviewing the 31 breach notices it has received so far regarding unauthorized access to students' personal information. In some cases, teachers' personal information was also accessed. The office will work with affected schools to reduce the potential risk posed to those whose information was exposed, Information and Privacy Commissioner Diane McLeod said in the release. A "significant number" of Albertans were affected, including many students, McLeod said. Her office is examining notices as they come in, to figure out exactly how many people in Alberta were affected. Also this week, federal Privacy Commissioner Philippe Dufresne said his office has launched its own investigation into the cybersecurity breach at PowerSchool. McLeod, who works independently from government, is also working with her counterparts across Canada to address the breach, she added. PowerSchool learned of the data breach on Dec. 28, the company says on its website. It occurred through PowerSource, one of its "community-focused customer support portals," and accessed various forms of personal and medical information. One of the notices the OIPC received involved students' names, phone numbers, birth dates, genders, grades, school-issued email addresses, and student identification numbers. Health information that was accessed included medical conditions, allergies and medications, personal health numbers, physician contact information and guardian information, the news release said. The office has received information that suggests PowerSchool is offering credit monitoring and identity theft protection for people impacted by the breach, the release said, adding that people should contact PowerSchool for information about that. Anyone who received notices should direct their questions to the school that sent them the notice, the release said.
Yahoo
28-01-2025
- Business
- Yahoo
More than 33,000 Mainers affected by school cyber breach
Jan. 28—More than 33,000 Mainers were affected by a data breach of the education software provider PowerSchool last month, according to a notification filed Monday by the company with the Office of the Maine Attorney General. The global K-12 software company suffered a cybersecurity breach that occurred on Dec. 19 and was discovered on Dec. 28, according to the notification. The company says 33,488 Maine residents were affected, although it does not include details about which school districts were impacted. There are about 170,000 publicly enrolled students in Maine, according to the state Department of Education. At least nine Maine districts, including Brunswick, Cumberland, Gardiner and Yarmouth, notified families of the breach in email notifications or online announcements earlier this month. Monday's filing includes a template of a letter from PowerSchool that districts could use to notify affected families. It includes a summary of the breach situation, which it describes as an "unauthorized exfiltration of certain personal information from PowerSchool Student Information System (SIS) environments through one of our community-focused customer support portals, PowerSource." The letter also explains what personal information might have been accessed. "Due to differences in customer requirements, the types of information involved in this incident included one or more of the following, which varied by person: name, contact information, date of birth, Social Security Number, limited medical alert information, and other related information," the letter reads. It also offers options for affected individuals to enroll in complementary credit monitoring or identity protection for two years. Copy the Story Link
