Albany County School District #1

Global PowerSchool Data Breach

PowerSchool Update May 7, 2025:

PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident. PowerSchool does not believe this is a new incident.

Please be assured that both PowerSchool and Albany County School District #1 are taking this situation very seriously. PowerSchool has informed us they are working with cybersecurity experts to thoroughly assess this development and have reported it to law enforcement in both Canada and the United States.

As a reminder, following that incident PowerSchool also offered and made widely available credit monitoring and identity protection services for a period of two years to students and faculty of Albany County School District #1 regardless of whether they were individually involved. We encourage all those who were offered these services to take advantage of them:

For individuals in the U.S.: https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/
For individuals in Canada: https://www.powerschool.com/security/sis-incident/notice-of-canada-data-breach/

As was reported earlier this year, PowerSchool made the decision to pay a ransom because they believed it to be in the best interest of their customers and the students and communities they serve. As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided PowerSchool.

We wanted to share this update as part of our ongoing commitment to transparency. We remain committed to working closely with PowerSchool and law enforcement to provide support in any way we can. We feel confident, in reviewing the exfiltrated data, that there was minimal Personally Identifiable Information (PII) in the information extracted. We do not store any social security number information in the tables accessed. The information stored in the exfiltrated tables includes information that is readily available from a simple Google search such as name, address, phone number, and etc.

PowerSchool Update March 7, 2025:

PowerSchool has started notifying affected individuals of the data breach. In an email from Ps-sis-incident@mail1.csid.com, PowerSchool provides additional information regarding the data breach that occurred on December 28, 2024. The email also provides specific information for individuals to sign up for complimentary identity protection services to students and educators whose information was involved in the breach. Please follow the instructions in the email to sign up for identity protection through Experian.

What Can You Do?

You are encouraged to remain vigilant against incidents of identity theft and fraud by reviewing account statements for suspicious activity. PowerSchool will never contact you by phone or email to request your personal or account information.

Other Important Information.

If you have any questions or concerns about this notice, please call 833-918-9464, Monday through Friday, 8:00am through 8:00pm Central Time (excluding major US holidays).

PowerSchool Update January 29, 2025:

We are writing to update you regarding the recent cybersecurity incident involving PowerSchool, the software vendor that provides our Student Information System (SIS).

Today, January 29, 2025, PowerSchool initiated the process of notifying individuals whose information was determined to be involved.

As previously mentioned, PowerSchool has engaged Experian, a trusted credit reporting agency, to provide complimentary identity protection and credit monitoring services to current and former students and educators that had information exfiltrated from PowerSchool SIS. PowerSchool is doing this regardless of whether an individual’s Social Security Number was exfiltrated. Albany County School District #1 does not store student social security numbers in our PowerSchool database. In the coming weeks, Experian (on behalf of PowerSchool) will be distributing direct email notifications to involved individuals for whom PowerSchool has sufficient contact information.

Additionally, PowerSchool has worked with Experian to set up a dedicated, toll-free call center to answer any questions associated with these offerings and the incident. All the information regarding the activation of and access to these services will be included in the email sent to you by Experian. Whether or not you receive an email, you may also visit PowerSchool’s website to learn how to activate the offering from Experian.

Protecting our students and teachers remains our top priority. Thank you again for all of your support and understanding during this time.

PowerSchool Letter to Parents:

We are writing to make you aware of a recent cybersecurity incident involving PowerSchool, a software vendor which provides our Student Information System (SIS).

On Tuesday, January 7, 2025, PowerSchool informed our leadership team that they experienced a cybersecurity incident involving unauthorized access to certain PowerSchool SIS customer data. Unfortunately, they have confirmed that the information belongs to some of Albany County School District’s families and educators.

PowerSchool informed us that the taken data primarily includes parent and student contact information with data elements such as name and address information. Across their customer base, they have determined that for a portion of individuals, some personally identifiable information (PII), such as social security numbers (SSN) and medical information, was impacted. They are working with urgency to complete their investigation and determine whether PII belonging to our students was included.

Protecting our students is something we take seriously. With PowerSchool’s help, more information and resources (including credit monitoring or identity protection services if applicable) will be provided to you as it becomes available.

Thank you for your patience and understanding.

Overview:

As a PowerSchool SIS customer whose information was involved, we currently know that data potentially included in the breach was some personally identifiable information (PII), such as names, addresses, social security numbers (SSN) and medical information. However, no financial information was obtained or exfiltrated during the data breach. Albany County School District #1 does not store student social security numbers in our PowerSchool database. Information exfiltrated from Albany County School District #1 servers does include readily available information that could be obtained from a Google search (e.g., Name, Phone number, Address, etc.). Please continue to refer to this webpage for continued updates from PowerSchool.

Moving Forward:

Our top priority remains the security of our students', staff, and families' information. We will continue to work diligently with PowerSchool and the Wyoming CARE Team to address to ensure all necessary safety measures are taken. Please find resources and cybersecurity safety tips below!

What can you do:

Monitor Accounts: Monitor your financial accounts and other personal data for suspicious activity.
Be Alert: Watch for phishing emails or phone calls claiming to be from PowerSchool or Albany County School County School District #1 (asd1.org).

Resources:

PowerSchool Informational Site

PowerSchool FAQ

PowerSchool Data Breach Update

K12 Security Information eXchange