December 2024 PowerSchool Data Breach
Letter to NT Families sent January 9, 2025
Title: PowerSchool Global Data Breach
Dear New Trier families,
On Tuesday afternoon, January 7, New Trier was informed by PowerSchool, our Student Information System (SIS), of a recent data breach impacting many of the 18,000 school districts that use PowerSchool globally.
Working with PowerSchool and our Technology Department, we have determined that about 35,000 records of current and former New Trier students were accessed. This note shares what we have found, based on the information PowerSchool has provided. We will provide future updates if we discover additional information.
We are extremely disappointed in this security lapse and are in constant communication with PowerSchool to understand how this could have happened and what they are doing to prevent future incidents.
What happened?
On December 28, 2024, PowerSchool discovered that a threat actor had accessed staff and student information from customers worldwide using the PowerSchool SIS. The threat actor exploited the user account of a PowerSchool technical support employee, allowing rapid access to download millions of records from schools worldwide between December 19 and December 24, 2024.
What type of information was accessed at New Trier?
Using the instructions provided by PowerSchool, our Technology Department identified the fields accessed at New Trier. For current students, that information includes:
- Student names and New Trier ID numbers
- Student addresses
- Student birth dates
- Parent/guardian/emergency contact names and phone numbers
The PowerSchool records accessed for current students DO NOT include grades, GPA, medical information, financial information, special education status, schedule information, email addresses, or Social Security numbers. For a limited number of graduates in classes prior to 2017, Social Security numbers were included, and we are working with PowerSchool to contact those individuals separately with additional information.
What’s next?
PowerSchool has told its customers that they do not anticipate the data being shared or made public, and that they believe it has been deleted without any further replication or dissemination. In addition, PowerSchool has taken the following steps in response to the breach:
- Engaged CrowdStrike, a third-party cybersecurity firm, to investigate the breach. Their final forensic report is expected to be released at the end of next week and will provide a clearer understanding of the incident and its potential impact.
- Implemented additional information security best practices requiring updated credentials for all employees, and restricting access to their support system tools.
New Trier is reviewing our extensive data protection tools, policies, and agreements with vendors that store information related to our students to make sure we continue to employ the strongest possible information security protections. We are collaborating closely with other impacted school districts and leveraging our membership in both statewide and national educational technology organizations to ensure we have taken every possible step in responding to the data breach.
We know that incidents like these are upsetting, and we share your concern. Please know that we are doing everything we can to prevent these types of incidents in the future.
If you have any questions, please reach out to me at marassam@nths.net.
Sincerely,
Michael Marassa
Chief Technology Officer