About Us » PowerSchool Incident

PowerSchool Incident

What happened?
On December 28, 2024, PowerSchool, a third-party service provider used by the LDCSB, became aware of a cybersecurity incident involving unauthorized access to certain PowerSchool Student Information System (SIS) information.
 
On January 7, 2025, PowerSchool notified us of the incident and that personal information of our students and educators may have been impacted. 
 
Who was affected?
Many public boards and private schools across North America who use PowerSchool SIS were affected by this incident.
 
What data was compromised?
We have worked with PowerSchool to determine that the following Board information was affected:
 
For all K-12 students enrolled in the LDCSB from the 2008-09 school year to the end of 2024; and
For all Adult Education students enrolled in the LDCSB from 1993-94 school year to the end of 2024:
The information affected includes full name; home phone; home address; date of birth; gender; OEN; LDCSB student number; start and end dates at LDCSB; parent/guardian emergency contact name and phone number; graduation year (actual or anticipated). Please note that all fields were not breached for every person. This is a summary of fields in total.
 
Some high-level medical alert related notes (example: severe allergies); or free-form information provided at enrollment or exit by family (examples: post-secondary path or transfer status). Please note that medical information provided to LDCSB staff after enrollment (e.g. Psychologists, Occupational Therapists, Physiotherapists, Audiologists, Speech-Language Pathologists, and Social Workers) was not impacted by this incident. 
 
This incident did not result in the compromise of any of the following information: financial/banking/credit card information, social insurance numbers, health assessment information, medical records, student academic grades, parent/guardian custody status or accommodations. 
 
The LDCSB’s internal network and systems were otherwise unaffected by this incident. In addition, other PowerSchool products used by the LDCSB, including SchoolMessenger, SmartFind, PowerTeacher and SpecialEd, were not affected by the PowerSchool breach.
 
For all educator or LDCSB staff who had PowerSchool access from the 2013-14 school year to the end of 2024: 
The information affected includes full name; LDCSB email address; MEN number (teachers); Employee ID. Note: if a staff member did not have access to PowerSchool, their information was not affected.
 
What steps are you taking to prevent this from happening again?
Although this cyber incident did not take place in a the LDCSB environment, as part of our own investigative process, we are working with industry experts and using this incident as an opportunity to review our vendor retention practices and improve how we protect personal information.
 
Where can I learn more about the incident?
PowerSchool has posted an FAQ on their website to share information, which includes steps they have taken to address this incident and protect student, family and educator information moving forward. 
Visit: https://www.powerschool.com/security/sis-incident/
 
Did the Board notify the Office of the Information and Privacy Commissioner?
Yes, the Board has notified and is working with the Ontario Information and Privacy Commissioner in responding to this incident. While you are entitled to file a complaint, the IPC has advised that it is not necessary as they are already investigating the matter. You can visit the IPC’s website at www.ipc.on.ca.
 
Was any credit card or banking information involved in this incident?
No. Both PowerSchool and the Board’s own internal investigation can confirm that there is no evidence of any credit card or banking information being compromised.
 
Is there any indication that compromised information has been released?
PowerSchool has reported that it received confirmation that the data acquired by the unauthorized user was deleted and that the data was not posted online.
 
Why were you keeping my student data if I was no longer enrolled in the board?
We keep information about former students in accordance with provincial requirements under the Education Act and to respond to former student information requests. We are taking this opportunity to assess our records retention practices to ensure that we are only keeping what is necessary to conduct the Board’s business.   
 
I attended the LDCSB many years ago. Was my information impacted?
Our PowerSchool SIS stores data for students who attended K-12 at a LDCSB school from 2008-09 onwards or Adult Education from 1993-94 onwards. If you were a LDCSB student prior to this, your information was not impacted as part of this incident.
 
Can I opt-out of PowerSchool?
Not at this time. the LDCSB is using this incident to review the information practices of all of its vendors.
 
Is the Board changing vendors?
Not at this time.
 
Were all PowerSchool products impacted?
No. Only PowerSchool SIS was impacted by this incident. Other PowerSchool tools, like SchoolMessenger, SmartFind, PowerTeacher and SpecialEd were not impacted.
 
I have additional questions not addressed by these FAQs.
If you have additional questions, please contact us at [email protected].

Power School Incident Update (February 3, 2025)

We are writing to update our prior communications from January 24, 2025 regarding the cyber incident involving PowerSchool’s Student Information System – the application used by the London District Catholic School Board (LDCSB) and many school boards across North America to store certain student and staff information.

 

This incident has affected current and former students and staff. Please note that we will also be posting this notice on our website to notify LDCSB’s former students and staff who may be affected. 

 

PowerSchool is offering two years of complimentary identity protection services, provided by Experian, to students and educators whose information was involved. For involved students and educators who have reached the age of majority, in addition to Experian’s identity protection services, PowerSchool is also offering two years of complimentary credit monitoring services provided by TransUnion.

 

To be clear, all students and educators, past and present, can sign up for Experian’s services. Only adults can sign up for TransUnion’s services. PowerSchool is not offering these services to parents, guardians or emergency contacts.

 

Since the incident, PowerSchool has monitored for signs of information misuse. They have reported that they are not aware at this time of any identity theft attributable to this incident. That said, we encourage all to sign up for these complimentary services.

 

PowerSchool has provided instructions for signing up for these services here, and we reproduce the instructions below, as well.

 

PowerSchool’s online notice, linked above, suggests that Social Insurance Numbers were affected for some Boards. For the LDCSB, no social insurance numbers were compromised.

 

Offer: Experian Identity Protection Services – Available to All Involved Students and Educators

Enrollment Instructions for Experian IdentityWorks

  • Ensure that you enroll by May 30, 2025 (Your code will not work after this date at 5:59 UTC)
  • Visit the Experian IdentityWorks website to enroll:

https://www.globalidworks.com/identity1

  • Provide your activation code: MPRT987RFK
  • For questions about the product or help with enrollment, please email [email protected]

 

Details Regarding Your Experian IdentityWorks Membership

A credit card is not required for enrollment in Experian IdentityWorks. You can contact Experian immediately regarding any fraud issues, and have access to the following features once you enroll in Experian IdentityWorks:

  • Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.
  • Fraud Remediation Tips: Self-help tips are available on your member center.

 

Offer: TransUnion Credit Monitoring Services – Available to Involved Students and Educators Who have Reached the Age of Majority in their Applicable Province or Territory

 

Enrollment Instructions for TransUnion myTrueIdentity

 

Details Regarding your myTrueIdentity Membership

Upon completion of the online enrollment process, you will have access to the following TransUnion myTrueIdentity features:

  • Unlimited online access to your TransUnion Canada credit report, updated daily. A credit report is a snapshot of your financial history and one of the primary tools leveraged for determining credit-related identity theft or fraud.
  • Unlimited online access to your CreditVision® Risk credit score, updated daily. A credit score is a three-digit number calculated based on the information contained in your TransUnion Canada credit report at a particular point in time.
  • Credit monitoring, which provides you with email notifications to key changes on your TransUnion Canada credit report. In today’s virtual world, credit alerts are a powerful tool to help protect you against identity theft, enable quick action against potentially fraudulent activity and provide you with additional reassurance.
  • Access to online educational resources concerning credit management, fraud victim assistance and identity theft prevention.
  • Access to Identity Restoration agents who are available to assist you with questions about identity theft. In the unlikely event that you become a victim of fraud; a personal restoration specialist will help to resolve any identity theft.  This service includes up to $1,000,000 of expense reimbursement insurance.
  • Dark Web Monitoring, which monitors surface, social, deep, and dark websites for potentially exposed personal, identity and financial information and helps protect you against identity theft.

 

PowerSchool has provided a call centre to address questions regarding these services. If you have any questions or concerns about this notice, please call 833-918-7884, Monday through Friday, 8:00am through 8:00pm Central Time (excluding major US holidays). Please be prepared to provide engagement number B138905.

Should you have any questions for the LDCSB about this notice, please do not hesitate to contact us at [email protected].

We are writing to provide another update on the cyber incident involving PowerSchool’s Student Information System – the application used by the LDCSB and many school boards across North America to store certain student and staff information. 

 
This incident has affected current and former students and staff. Please note that we will also be posting this notice on our website to notify the LDCSB’s former students and staff who may be affected.  
 
What Happened
On January 7, 2025, PowerSchool informed the LDCSB and other school boards throughout the province that that it had experienced a cyber incident affecting the LDCSB. Since then, we have been working with PowerSchool and internal and external experts to determine the precise information that was affected.
 
What Information Was Affected
We have concluded our analysis and can confirm that limited student and staff information was compromised as part of this incident. 
 
STUDENTS
For all K-12 students enrolled in the LDCSB from the 2008-09 school year to the end of 2024; and
For all Adult Education students enrolled in the LDCSB from 1993-94 school year to the end of 2024:
The information affected includes full name; home phone; home address; date of birth; gender; OEN; LDCSB student number; start and end dates at LDCSB; parent/guardian emergency contact name and phone number; graduation year (actual or anticipated). Please note that all fields were not breached for every person. This is a summary of fields in total.
 
Some high-level medical alert related notes (example: severe allergies) or free-form information provided at enrollment or exit by family (examples: post-secondary path or transfer status) were also affected. Please note that medical information provided after enrollment to LDCSB staff (e.g. Psychologists, Occupational Therapists, Physiotherapists, Audiologists, Speech-Language Pathologists, and Social Workers) was not impacted by this incident. 
 
This incident did not result in the compromise of any of the following information: financial/banking/credit card information, social insurance numbers, health assessment information, medical records, student academic grades, parent/guardian custody status or accommodations. 
 
The LDCSB’s internal network and systems were otherwise unaffected by this incident. In addition, other PowerSchool products used by the LDCSB, including SchoolMessenger, SmartFind, PowerTeacher and SpecialEd, were not affected by the PowerSchool breach.

STAFF
For all educator or LDCSB staff who had PowerSchool access from the 2013-14 school year to the end of 2024:
The information affected includes full name; LDCSB email address; MEN number (teachers); Employee ID. Note: if a staff member did not have access to PowerSchool, their information was not affected.

Frequently Asked Questions
We have also prepared an FAQ regarding this incident, and we encourage you to visit that here. You can also find an FAQ from PowerSchool here.
 
The LDCSB has reported this incident to the Office of the Information and Privacy Commissioner of Ontario (IPC), and the IPC has opened an investigation file. While you are entitled to file a complaint, the IPC has advised that it is not necessary as they are already investigating the matter. You can visit the IPC’s website at www.ipc.on.ca.
 
If you wish to have more information about this incident, we invite you to contact us at [email protected].
We appreciate your patience and understanding at this time, and sincerely regret any concern this has caused you. 
 
As you may know, an application called PowerSchool recently experienced a data breach.
 
The PowerSchool Student Information System (SIS) is used by the LDCSB and many school boards across North America to manage a range of student information as well as a limited amount of staff information. 
 
After a comprehensive investigation, it has been determined that some LDCSB student and staff data was impacted by the PowerSchool SIS breach. 
 
PowerSchool has informed the LDCSB that it has received confirmation that the data accessed by an unauthorized user has been deleted and that no copies of this data were posted online. 
 
When we determine the exact data that was affected, we will share that information with those affected. 
 
The LDCSB can confirm it does not store any Social Insurance Numbers, financial or banking information in PowerSchool. In addition, other PowerSchool products used by the LDCSB, including SchoolMessenger, PowerTeacher and SpecialEd, were not affected by the PowerSchool breach.
 
We know this news may be concerning. Please know that we are doing everything possible to learn more from PowerSchool about what occurred, and we will update the LDCSB staff and families as more information becomes available. 
 
If you have any questions, please contact the LDCSB’s Privacy Office at [email protected].