Latest news with #StudentInformationSystem
Yahoo
04-06-2025
- Business
- Yahoo
Thesis Elements Named "SIS Solution Provider of the Year" in 2025 EdTech Breakthrough Awards
Prestigious awards program honors Thesis Elements for transforming student success for smaller institutions CHESTERFIELD, Mo., June 4, 2025 /PRNewswire/ -- Thesis Elements, a Student Information System (SIS) provider purpose-built for small to midsize higher education institutions, today announced it has been named "SIS Solution Provider of the Year". Thesis earned the coveted title in 2025 EdTech Breakthrough Awards, an independent market intelligence organization that recognizes the top companies and solutions in the global education technology market. "Small and mid-sized colleges have long been underserved by legacy SIS providers," said Jason Duggan, CEO of Thesis Elements. "This award is a powerful validation of our mission to build technology that works for the unique demands of these institutions—giving their teams the tools they need to work more efficiently while staying focused on what matters most: the student experience." Thesis Elements is recognized for providing a comprehensive, modular cloud-based SIS platform that includes core functionality such as registration, billing and financial aid, degree planning, housing, and reporting—all with deep integration into LMS, CRM and ERP systems. The platform is also backed by an active client user community and a responsive product team that work in close collaboration to execute the product roadmap. The mission of the EdTech Breakthrough Awards is to honor excellence and recognize innovation, hard work, and success in a range of educational technology categories. This year's program attracted more than 2,700 nominations from around the world. Thesis Elements stood out for its ability to meet the mission-critical needs of smaller institutions with an intentionally simplified, cloud-native SIS platform that delivers the functionality of enterprise systems without the high cost, complexity, or lengthy implementations. Added Dugan, "Our goal is to eliminate barriers to digital transformation for schools that don't have armies of developers or large IT budgets. Winning this award reinforces that it's possible to deliver powerful, purpose-built SIS solutions with simplicity and speed." About Thesis ElementsThesis Elements is a cloud-based Student Information System purpose-built for small to midsized institutions. Elements drives operational efficiency with an affordable, user-friendly system providing critical operations and administration functions including improving student success, enabling faster financial aid decisions and easier federal and state reporting, integrating with an institutions' campus technology ecosystem including LMS, CRM and ERP systems. With the average implementation time under 12 months, Elements streamlines operations, improves access to essential student data and increases self service tools for students all built on modern technology designed to help future-proof the institution. Backed by a dedicated user community, Elements evolves based on real-world feedback to better serve the needs of smaller institutions. Founded in 2020, Thesis Elements is a business-unit of Thesis America. For more information, visit View original content to download multimedia: SOURCE Thesis Elements
Yahoo
24-03-2025
- Politics
- Yahoo
Columbus City Schools reverts to birth names for transgender students
COLUMBUS, Ohio (WCMH) — Parents are speaking out after Columbus City Schools reverted students' names to those reflected on birth certificates, saying the move came without notice and harmed transgender and gender variant students. Columbus City Schools spokesperson Tyler Carter said the district made the change to ensure compliance with Senate Bill 104, which took effect Feb. 25 and requires Ohio public school students to use the restroom that aligns with their assigned sex at birth. However, the bill does not require districts to use birth names in school records, and the district did not respond to NBC4's request for clarification. Dara Adkinson, executive director of TransOhio, said there was no legal obligation for CCS to make this change. Adkinson said TransOhio has heard from a number of concerned parents and faculty after the district changed its student records overnight. They said many students were outed to their classmates without warning, including students with legal name changes and sealed court records. How dismantling the Department of Education will affect Ohio schools 'The schools have smart boards, and there were students that were outed during attendance to their classes and their teachers, none of whom knew that they were trans,' Adkinson said. Columbus City Schools rescinded its transgender and gender variant student policy in February, removing the district's policy protecting names and pronouns. The policy said it was required to maintain an official record of students' legal sex and name assigned at birth but would otherwise use a student's chosen name in school records and documents. See previous coverage of this decision in the video player above. 'To ensure legal compliance regarding official student records, Student Information System records had to be updated to match the information on student birth certificates or court orders,' Carter said. When the policy was repealed, local LGBTQ+ youth support organization Kaleidoscope Youth Center thanked the district for rescinding it, saying changes would have legitimized discrimination. Now the district is no longer required to respect students' gender identity in student records, but it said during it would continue to ensure all students felt safe and included at school. Adkinson said parents have mentioned pursuing litigation, and lawyers have reached out to TransOhio to express their concerns. 'I cannot imagine being a middle school student and being outed in such a violent manner to my classmates, taking all agency away from those kids,' Adkinson said. Could same-sex marriage be on the ballot in Ohio? Adkinson said parents reported having no notice of the change until it was reflected in parent and student portals. Families also shared this frustration on social media. Carter said every parent or guardian who had requested a name or gender change for their student received a notice, and students older than 18 received notice personally. However, a parent shared a copy of the letter with NBC4, pointing out that it was postmarked March 20, at least 24 hours after the change. Adkinson said the district does not have to stick with this decision, adding many parents have reached out to the school board asking for it to be undone. In an email to a parent shared with NBC4, board member Sarah Ingles responded to concerns indicating she and other board members had not been aware of the decision. In the email, Ingles said she asked for a full report from district administration, including possible remedies. 'You don't have to stay with a bad decision just because you made one,' Adkinson said. 'I hope that they roll it back, but I don't know that there's any way they can truly make it up to those students.' Adkinson said there are ways to help, like teachers calling attendance by last name alone or families contacting the district. However, they encouraged people not to bring it up around students who were affected by the decision, saying they may not want to discuss it. 'In this moment in time, just because a lot of discrimination is being championed, doesn't mean that our institutions need to rush to discriminate in new and creative ways that are presently still illegal,' Adkinson said. Carter said the district will continue to work with students and families to provide support. Parents said they have been able to call the school to update students' information but only as a 'nickname.' The next regular Board of Education meeting will take place April 1 at 6 p.m. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Yahoo
31-01-2025
- Business
- Yahoo
Children's data hacked after school software firm missed basic security step, internal report says
The hack of a company that helps schools track tens of millions of students appears to be the largest breach of American children's personal information to date, school officials and cybersecurity experts say. And a specially commissioned interim cybersecurity audit by cybersecurity company CrowdStrike showed that the company had apparently failed to take basic precautions to protect students' data, according to a copy exclusively obtained by NBC News and records of internal discussions. The company, PowerSchool, is best known for its Student Information System (SIS), one of the most widely used education tech programs in the U.S., and one of the breached systems. The SIS software helps school districts keep track of K-12 students, collecting information like their name, school, birthday, address and parent or guardian. Many districts go further and add information like their Social Security number, health concerns or disciplinary records. Theft of children's data is regarded as particularly egregious, as they usually have no agency in how it's protected. It can be difficult to draw a direct line from a particular data breach to a given instance of identity theft, as cybercriminals repeatedly repackage and resell victims' information. But identity theft cost Americans around $43 billion in 2023, according to a 2024 study by AARP. 'We recognize the significance of this incident and are deeply regretful that it occurred,' Beth Keebler, a PowerSchool spokesperson, said in an emailed statement. 'PowerSchool has significantly invested in its cybersecurity program, culture, and talent over the years — this has been a diligent and continuous area of focus and one the Company plans to continue to invest in.' Cybercriminals who steal sensitive data often threaten to publish it if they're not paid a ransom. PowerSchool declined to comment to NBC News about any extortion demand or payment. But in a private virtual briefing with customers, the company's chief information officer, Mishka McCowan, said the company had paid the hacker and received a video of them appearing to delete the stolen data, a person who attended the call told NBC News. Cybersecurity experts caution that cybercriminals can backtrack on promises not to release data, and it's impossible to verify that the hacker didn't make backup copies. In December, a hacker gained what appears to be full access to the SIS information of those schools that had used customer support. While not the entirety of PowerSchool's customer base, the breach appeared to expose the data of tens of millions of American children. While exact numbers are still unclear, the hacker has claimed the figure to be 62 million. That figure was first reported by the tech news site Bleeping Computer. As of Thursday, the breached data did not appear to be publicly available online. Private assessments of the hack show the company failed to take basic steps to protect students' data. PowerSchool hired the cybersecurity firm CrowdStrike to help investigate the breach. An interim report prepared by CrowdStrike and disseminated to some school officials, the contents of which had not previously been public and which was acquired by NBC News, found no evidence that the hackers used malware or found a backdoor into PowerSchool's systems. Instead, the hacker simply obtained a single employee's password. That granted access to a 'Maintenance Access' function that let them download millions of children's personal information. According to the CrowdStrike report, the company was not even aware that it had been the victim of such a massive hack until late December, several days after it happened, when the hacker contacted the company to inform it and ask for a payment. CrowdStrike declined to comment, in line with industry practice. In a private online chat that included company executives and school representatives, an executive admitted that the hackers were able to access and download the student records by logging into one account that didn't have two-factor authentication enabled, one of the most basic cybersecurity standards for any account, particularly one that has access to sensitive information. One participant, who requested not to be named, took a screenshot of the chat and shared it with NBC News. Bill Fitzgerald, an independent security consultant for schools, said that was an example of poor security, though not uncommon in the EdTech industry. 'If you're not enforcing multifactor authentication, that's just not best practice,' Fitzgerald told NBC News. 'But this happens all the time.' Doug Levin, the national director of K12 SIX, an industry nonprofit devoted to helping schools guard themselves from hackers, blamed lax cybersecurity standards across what's referred to as EdTech, the industry of education-focused technology that schools increasingly rely on, especially since the Covid-19 pandemic. Levin told NBC News that the hack and the lack of safeguards were both extreme but still emblematic of the industry. 'For a sector so integral to the American way of life, it is unconscionable that neither K-12 schools — nor their vendors — are held to a cybersecurity standard of practice,' he said, referencing cybersecurity issues that plague the sector. 'This incident is unique both for its scope and the sensitivity of the data.' PowerSchool declined to share specifics on how many students were affected by the hack, citing its ongoing investigation, but a spokesperson said the company was confident the number of students whose Social Security numbers were compromised was less than 25% — a figure that could still reach into the tens of millions. Terry Loftus, the chief information officer for the San Diego County Office of Education, where seven districts are PowerSchool customers, told NBC News he was particularly concerned about hackers accessing additional student information that some school districts include in SIS. 'We may be talking about disabilities and what supports are being put in place for special education students,' Loftus said. 'This is massively sensitive, and something that's of high value to threat actors, as far as reselling to various nefarious groups or data brokers.' 'As it stands right now or as it appears, unless we hear otherwise, this will likely ultimately be the largest breach of K-12 students,' he told NBC News. In some cases, former students' information was also in the PowerSchool program and their personal information was stolen as well, the company said in a press release. There is no formal public accounting of PowerSchool's reach, but it has statewide contracts with Alabama, North Carolina and South Carolina, though use of the SIS software can vary within a state. Other states where schools have warned students and parents about the PowerSchool breach include Alaska, Arizona, California, Colorado, Connecticut, Delaware, Illinois, Indiana, Kansas, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Utah, Wisconsin and Wyoming. Georgia broadcaster 11Alive has estimated from the state's Department of Education figures that more than 230,000 current students in the state may have been affected. In some cases, school districts have warned that the hackers stole remarkably specific information. Utah Schools for the Deaf and the Blind announced that the hackers gained access to not just students' names, birthdays and grades, but also their locker numbers and combinations and the balances in their lunch accounts. Sarah Powazek, the director of the University of California, Berkeley's public interest cybersecurity program, which offers cybersecurity help to schools and other civic organizations that may not be able to afford it, said schools are in the unfortunate position of trusting companies like PowerSchool to protect their students' private information. 'School districts really have no control over this product, and it's not up to them whether or not PowerSchool itself is implementing the correct security procedures within their own organization. The schools are very much at the mercy of these educational technology products,' Powazek told NBC News. Publicly, PowerSchool has said it takes pains to ensure high cybersecurity standards. In 2023, CEO Hardeep Gulati joined then-first lady Jill Biden at a White House event promoting EdTech cybersecurity. The company's website says it takes a litany of steps to protect kids' and teachers' data, including routine security audits and 'Extensive and ongoing security/cybersecurity training for all our employees.' PowerSchool is a signatory to another pledge, created by the nonprofit Future of Privacy Forum, in which it promises to take a series of basic steps to protect students' information. A spokesperson for the Future of Privacy Forum told NBC News that PowerSchool's status as a signatory is currently under review for 'potential violations of the company's Student Privacy Pledge commitments.' This article was originally published on
NBC News
31-01-2025
- Business
- NBC News
Children's data hacked after school software firm missed basic security step, internal report says
The hack of a company that helps schools track tens of millions of students appears to be the largest breach of American children's personal information to date, school officials and cybersecurity experts say. And a specially commissioned interim cybersecurity audit by cybersecurity company CrowdStrike showed that the company had apparently failed to take basic precautions to protect students' data, according to a copy exclusively obtained by NBC News and records of internal discussions. The company, PowerSchool, is best known for its Student Information System (SIS), one of the most widely used education tech programs in the U.S., and one of the breached systems. The SIS software helps school districts keep track of K-12 students, collecting information like their name, school, birthday, address and parent or guardian. Many districts go further and add information like their Social Security number, health concerns or disciplinary records. Theft of children's data is regarded as particularly egregious, as they usually have no agency in how it's protected. It can be difficult to draw a direct line from a particular data breach to a given instance of identity theft, as cybercriminals repeatedly repackage and resell victims' information. But identity theft cost Americans around $43 billion in 2023, according to a 2024 study by AARP. 'We recognize the significance of this incident and are deeply regretful that it occurred,' Beth Keebler, a PowerSchool spokesperson, said in an emailed statement. 'PowerSchool has significantly invested in its cybersecurity program, culture, and talent over the years — this has been a diligent and continuous area of focus and one the Company plans to continue to invest in.' Cybercriminals who steal sensitive data often threaten to publish it if they're not paid a ransom. PowerSchool declined to comment to NBC News about any extortion demand or payment. But in a private virtual briefing with customers, the company's chief information officer, Mishka McCowan, said the company had paid the hacker and received a video of them appearing to delete the stolen data, a person who attended the call told NBC News. Cybersecurity experts caution that cybercriminals can backtrack on promises not to release data, and it's impossible to verify that the hacker didn't make backup copies. In December, a hacker gained what appears to be full access to the SIS information of those schools that had used customer support. While not the entirety of PowerSchool's customer base, the breach appeared to expose the data of tens of millions of American children. While exact numbers are still unclear, the hacker has claimed the figure to be 62 million. That figure was first reported by the tech news site Bleeping Computer. As of Thursday, the breached data did not appear to be publicly available online. Private assessments of the hack show the company failed to take basic steps to protect students' data. PowerSchool hired the cybersecurity firm CrowdStrike to help investigate the breach. An interim report prepared by CrowdStrike and disseminated to some school officials, the contents of which had not previously been public and which was acquired by NBC News, found no evidence that the hackers used malware or found a backdoor into PowerSchool's systems. Instead, the hacker simply obtained a single employee's password. That granted access to a 'Maintenance Access' function that let them download millions of children's personal information. According to the CrowdStrike report, the company was not even aware that it had been the victim of such a massive hack until late December, several days after it happened, when the hacker contacted the company to inform it and ask for a payment. CrowdStrike declined to comment, in line with industry practice. In a private online chat that included company executives and school representatives, an executive admitted that the hackers were able to access and download the student records by logging into one account that didn't have two-factor authentication enabled, one of the most basic cybersecurity standards for any account, particularly one that has access to sensitive information. One participant, who requested not to be named, took a screenshot of the chat and shared it with NBC News. Bill Fitzgerald, an independent security consultant for schools, said that was an example of poor security, though not uncommon in the EdTech industry. 'If you're not enforcing multifactor authentication, that's just not best practice,' Fitzgerald told NBC News. 'But this happens all the time.' Doug Levin, the national director of K12 SIX, an industry nonprofit devoted to helping schools guard themselves from hackers, blamed lax cybersecurity standards across what's referred to as EdTech, the industry of education-focused technology that schools increasingly rely on, especially since the Covid-19 pandemic. Levin told NBC News that the hack and the lack of safeguards were both extreme but still emblematic of the industry. 'For a sector so integral to the American way of life, it is unconscionable that neither K-12 schools — nor their vendors — are held to a cybersecurity standard of practice,' he said, referencing cybersecurity issues that plague the sector. 'This incident is unique both for its scope and the sensitivity of the data.' PowerSchool declined to share specifics on how many students were affected by the hack, citing its ongoing investigation, but a spokesperson said the company was confident the number of students whose Social Security numbers were compromised was less than 25% — a figure that could still reach into the tens of millions. Terry Loftus, the chief information officer for the San Diego County Office of Education, where seven districts are PowerSchool customers, told NBC News he was particularly concerned about hackers accessing additional student information that some school districts include in SIS. 'We may be talking about disabilities and what supports are being put in place for special education students,' Loftus said. 'This is massively sensitive, and something that's of high value to threat actors, as far as reselling to various nefarious groups or data brokers.' 'As it stands right now or as it appears, unless we hear otherwise, this will likely ultimately be the largest breach of K-12 students,' he told NBC News. In some cases, former students' information was also in the PowerSchool program and their personal information was stolen as well, the company said in a press release. There is no formal public accounting of PowerSchool's reach, but it has statewide contracts with Alabama, North Carolina and South Carolina, though use of the SIS software can vary within a state. Other states where schools have warned students and parents about the PowerSchool breach include Alaska, Arizona, California, Colorado, Connecticut, Delaware, Illinois, Indiana, Kansas, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Utah, Wisconsin and Wyoming. Georgia broadcaster 11Alive has estimated from the state's Department of Education figures that more than 230,000 current students in the state may have been affected. In some cases, school districts have warned that the hackers stole remarkably specific information. Utah Schools for the Deaf and the Blind announced that the hackers gained access to not just students' names, birthdays and grades, but also their locker numbers and combinations and the balances in their lunch accounts. Sarah Powazek, the director of the University of California, Berkeley's public interest cybersecurity program, which offers cybersecurity help to schools and other civic organizations that may not be able to afford it, said schools are in the unfortunate position of trusting companies like PowerSchool to protect their students' private information. 'School districts really have no control over this product, and it's not up to them whether or not PowerSchool itself is implementing the correct security procedures within their own organization. The schools are very much at the mercy of these educational technology products,' Powazek told NBC News. Publicly, PowerSchool has said it takes pains to ensure high cybersecurity standards. In 2023, CEO Hardeep Gulati joined then-first lady Jill Biden at a White House event promoting EdTech cybersecurity. The company's website says it takes a litany of steps to protect kids' and teachers' data, including routine security audits and 'Extensive and ongoing security/cybersecurity training for all our employees.' PowerSchool is a signatory to another pledge, created by the nonprofit Future of Privacy Forum, in which it promises to take a series of basic steps to protect students' information. A spokesperson for the Future of Privacy Forum told NBC News that PowerSchool's status as a signatory is currently under review for 'potential violations of the company's Student Privacy Pledge commitments.'
Yahoo
28-01-2025
- Yahoo
RCSD warns community of data breach
ROCHESTER, N.Y. (WROC) – The Rochester City School District released a message on Monday, warning students, families, and staff of a data breach involving its student management system. On RCSD's website, this pop-up message could be viewed on Monday. RCSD utilizes what's called PowerSchool, a third-party organization used by schools across the country and internationally in Canada to help districts manage student databases. The company reportedly notified its users of a 'cybersecurity incident' in late December. According to PowerSchool, there was no indication of any identity theft associated with the incident. District leadership in Rochester said PowerSchool admitted there was nothing that could have been done by individual districts to stop the breach. Even so: 'Starting in the next few weeks, in collaboration with Experian, PowerSchool will provide notice to students (or their parents/guardians, if the student is under 18) and staff whose information was involved and a phone number to answer any questions you may have about the incident. The notice will include the identity protection and credit monitoring services offered, as applicable,' the district announced in a statement on its website. ICE presence confirmed in Rochester amid immigration crackdown PowerSchool emphasized to district's this was an attack on the company, not any individual school systems. According to the organization, 'December 28, 2024, PowerSchool became aware of a cybersecurity incident involving unauthorized exfiltration of personal information from certain PowerSchool Student Information System (SIS) environments,' though no further details were released pertaining to the breach itself. Folks are encouraged to keep up to date with the breach by clicking here, where PowerSchool is expected to make periodic updates. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
