What Happened?
On December 28, 2024, PowerSchool became aware of a cybersecurity incident involving unauthorized exfiltration of certain personal information from PowerSchool Student Information System (SIS) environments through one of our community-focused customer support portals, PowerSource.
What Information Was Involved?
Due to differences in customer requirements, the information exfiltrated for any given individual varied across the customer base. For involved individuals, the types of information exfiltrated in the incident included one or more of the following, which varied by person: the individual’s name, contact information, date of birth, limited medical alert information, Social Security Number, and other related information.
Attached is a copy of PowerSchool's filing with the MA Attorney General's Office. It provides details about the breach, the information that was compromised in the breach, and provides options for identity protection. Please know that LPS does NOT collect or store student Social Security numbers and they are not found in our student information system. PowerSchool has communicated that they will not be sharing the names of impacted individuals directly with schools - they will instead be working directly with the AG's office to communicate which individuals have been affected and how. Due to the hundreds of thousands of affected individuals nationally and worldwide, that seems to be taking some time. We have been notified that the Attorney General's office will be reaching out directly to those affected.
To Read Powerschool's Full Statement, please visit their website here:
Communication to LPS Families
1/8/25 BrightArrow Email Communication from LPS Superintendent & Technology Department Head
2/27/25 BrightArrow Email Communication from LPS Superintendent & Technology Department Head