
PowerSchool Cyber Security Incident Staff Update 1

 

January 9, 2025



RE: PowerSchool Cyber Security Incident Update 1

 

Dear North Haven Staff Members,

 

On January 7, 2025, North Haven Public Schools received notification of a data security incident from a contracted service provider, PowerSchool.  PowerSchool is a vendor that many school districts in Connecticut, and across the globe, use to manage student information and data.  In its notification, PowerSchool informed the District that the data security incident affected its PowerSchool Student Information System, a tool that the District uses to store and manage student information. PowerSchool informed the District that the incident affected the District’s data.  

 

PowerSchool has indicated that upon learning of potential unauthorized access, they immediately contacted a 3rd party cyber security firm (CrowdStrike) to investigate the incident. They have stated that they have contained the incident and have taken steps that will further enhance data security going forward.  PowerSchool has reported that it currently has no evidence that there has been any misuse of or public disclosure of the accessed information and that it believes that the data which was improperly accessed has been deleted.  The cyber security firm is currently monitoring the Dark Net for any evidence that the data has been exposed. So far, there is no evidence that any of the data has been disseminated. 

 

While PowerSchool has not directly identified the affected individuals to us at this time, the North Haven Public Schools Technology Department began an immediate internal investigation to confirm whether any of the North Haven Public Schools’ data were compromised and the details about the data that was exported from our system. In the table below, you will find a description of the general information that was obtained for all past and current staff members through this breach. 

 

Based on our investigation to date, it appears a smaller subset of staff members had additional information stored that was among the data compromised in connection with the PowerSchool Breach. We will be following up in a timely fashion with a notification to the email on file for these individuals to inform them if they were among this subset. For this group of impacted individuals, PowerSchool has indicated that it will be providing credit-monitoring or identity protection services at no cost. We will provide this credit monitoring information to all affected individuals once PowerSchool provides it to the District. Alternatively, PowerSchool may reach out directly to affected individuals.

 

We take the privacy of all staff and student information very seriously and expect our vendors to do the same. We will continue to pursue information regarding the scope and nature of this incident, and we will provide updates to those impacted by it as we learn more. A full investigative report is expected to be released by CrowdStrike on or around January 17th.  If you have any questions, please contact us via email at [email protected]

 

Sincerely, 

 

Patrick Stirk
Superintendent of Schools

Jenn Kozniewski
Director of Technology and Safety




Types of Data Exported for All Past and Present Staff Members:

 

  • Zip code for Staff Member's home address
  • The number the district assigns to identify the staff member in the data system
  • Current title for staff. 
  • ID Number used as a matching tool when importing teacher information
  • State
  • Home Phone Number
  • Team- used at Middle School for scheduling
  • Reflects the setting in the Engine for Max Prep Codes (per Term) a Teacher is to be scheduled.
  • District Email Address
  • Foreign key to codeset table of category prefix
  • Flag indicating whether or not this user is used for scheduling: True=Is used for scheduling. False=Not used for scheduling.
  • Flag stating whether the teacher is always free. 
  • Ethnicity
  • Whether or not a person has an access account to PowerSchool
  • Which screen a teacher sees first when they pull up student screens
  • Globally unique identifier for this table for SIF compliance. Indexed.
  • PowerTeacher Access
  • The classroom number this teacher is in most of the time.
  • Max Periods Per Day the Teacher is to be scheduled
  • Amount of periods available - For scheduling purposes
  • Staff member's Home School
  • Type of Gradebook used (PowerTeacher Pro)
  • Staff Member's Preferred Name (If different than their legal name)
  • Staff Member's Home School
  • Schools that a staff user can access in PowerSchool
  • The most courses a teacher can teach in a row without a break
  • Staff member's Last name First name
  • Staff ethnicity code
  • Staff Residence city
  • Photo identifier (not photo)- Set to 1 if a photo exists for this user.
  • How many Students can be in a Teacher's class
  • Staff Member's Gender - Valid values: M = Male, F = Female.
  • The maximum number of courses the teacher can teach
  • Street element of the Staff Member’s address
  • Staff Member's Middle Name
  • Background identifying number for database joins
  • Staff member's Last Name
  • State Teacher ID for PSIS report
  • Background Identifying ID for table joins
  • Staff member's Job Title
  • The maximum number of preparatory periods the teacher can have.
  • Whether or not they are an active Staff member
  • Staff member's First Name
  • The department to which the teacher belongs.
  • Log file is updated when data is imported by staff
  • The Building Staff member Works in
  • Phone Number of School listed as Home School