On January 8th we received word of a nation wide PowerSchool data breach. Hansen School District uses PowerSchool as our student information system, as do many other schools in the state of Idaho. This breach is the result of an unauthorized party gaining access the PowerSchool's support portals and sequentially gained access to PowerSchool Student Information Systems. This affects customers that are hosted and not hosted directly by PowerSchool.
What we have confirmed is that some of the PowerSchool SIS data that was breached did belong to Hansen School District's families and educators. We have been informed that the data breach was limited to tables containing teacher and student contact data. We have attached links to below to show the list of fields that are available in these tables. Please note that not all fields will have data in them. One primary field that we do not use is the SSN (Social Security Number) field for students or staff.
Protecting our students, teachers, and staff is something we take seriously. With PowerSchool's help, more information and resources (including credit monitoring or identity protection services if applicable) will be provided to you as it becomes available.
What we have done in the meantime is followed PowerSchool's guidance on how to disable the always on support connection. This will require that any future connections from PowerSchool support must first be authorized via communications with district IT staff. We have also implemented Geo IP filters to limit locations that can access our systems. PowerSchool has forced the updating of all their support credentials to prevent further unauthorized access to their support tools. PowerSchool has also moved the part of the tool allowing them to access customer systems behind their corporate VPN.
At this time we are continuing to work with PowerSchool to further investigate this breach. You can continue to check back here for more information.