Continuing the Crook County News Since 1884
Continuing the Crook County News Since 1884
Data stolen from student and teacher database mainly limeted to demographic info, says superintendent
Crook County School District (CCSD) is among numerous educational institutions nationwide that was affected by last week’s data breach of PowerSchool.
The district has confirmed that data stolen from its student and teacher database tables was mainly limited to demographic information and that no current staff or student social security numbers were accessed.
The PowerSchool application also remains secure and fully operational, according to a letter sent out by Superintendent Mark Broderson.
However, the district is, “Treating this situation with the utmost seriousness” and expects PowerSchool to provide additional resources and information as available.
Broderson has pledged that individuals affected by the breach will be notified directly in the near future, and says the investigation is ongoing.
In a statement from PowerSchool shared by CCSD, the company says, “We do not anticipate the data being shard or made public, and we believe it has been deleted without any further replication.”
PowerSchool is a software suite that is used by a reported 16,000 customers to serve 50 million American students.
The incident, which occurred on December 28, saw hackers gain access to customer data within the student information system. An unauthorized individual is reported to have used a compromised credential to access the system, then using maintenance channels to access data.
In a letter to affected customers, which has been shared on some news sites, PowerSchool notified users that it had immediately engaged its cybersecurity response protocols and engaged a response team, as well as informing law enforcement.
When CCSD was notified, its team investigated the access logs and confirmed that the hacker did access data from its database, including records of students and teachers dating back to 2003.
“We want to assure you that the information involved is limited primarily to directory information for students and staff, such as demographic data like names, addresses, phone numbers,” Broderson writes.
“It did not include any financial, academic or behavioral records.”
According to the superintendent, CCSD does not currently keep social security numbers in PowerSchool.
“However, in our initial internal investigation, we did determine that four inactive staff members out of 1578 total accounts and 65 inactive student accounts out of 5747 total accounts did contain a social security number,” he writes.
All 69 social security numbers are associated with previous students and staff members.
CCSD has shared a statement from the company: “Importantly, the incident is contained, and we have no evidence of malware or continued unauthorized activity in the PowerSchool environment. PowerSchool is not experiencing, nor expects to experience, any operational disruption and continues to provide services as normal to our customers.”
In its statement, PowerSchool says that it is unaware of and does not expect any actual or attempted misuse of the information. However, the company, “Will be providing credit monitoring to affected adults and identity protection services to affected minors in accordance with regulatory and contractual obligations,” though PowerSchool anticipates that “only a subset of impacted customers will have notification obligations”.
