PowerSchool Data Breach
On January 8, 2025, GPPSD and other school divisions across North America were notified of a cybersecurity incident involving PowerSchool, our student information system. PowerSchool has reported that the data breach occurred in December 2024 and impacts customers worldwide.
PowerSchool confirmed on January 8th that the incident was contained, and enhanced security measures have been implemented to prevent similar breaches in the future. We want to reassure our families that no financial information was accessed or stored in PowerSchool. You can read PowerSchool’s letter here for more details about the situation.
Next Steps
Identity Protection and Credit Monitoring Services - In the coming days, PowerSchool will begin providing formal legal notice of the cybersecurity incident to current and former students (or their parents / guardians as applicable) and educators whose information was determined to be involved.
A direct email notification will be distributed by Experian and Transunion on behalf of PowerSchool in the coming weeks to applicable current and former students (or their parents / guardians as applicable) and educators for whom we have sufficient contact information. PowerSchool will also launch a website and distribute a media release to ensure we reach as many involved individuals as possible and provide them with resources to protect their information. Importantly, these notices will include instructions for involved individuals on how to enroll in the credit monitoring and identity protection services that are being offered by PowerSchool.
We continue to actively monitor the situation and work with PowerSchool to further determine the scope of the incident, potential impacts on families and staff, and the next steps. We will continue to update this webpage as more details become available.
You may also check the PowerSchool website for updates on this incident.
Thank you for your patience and understanding as we work through this complex situation. Protecting student and staff data is important, and we take this security breach seriously.
Questions can be directed to our GPPSD FOIP Coordinator by emailing info@gppsd.ab.ca or to the Office of the Information and Privacy Commissioner of Alberta at oipc@ab.ca.
Page updated January 29, 2025
As new information is received, the FAQ will be updated.
Q: What data was accessed?
Student and Staff information from 2011 until present.
Student personal information, including: first, middle and surname; birthdate; gender; student's home phone number and mailing address, and school of attendance. Emergency contact names, student note field, which in some cases includes, medical information such as: allergies, medications, medical conditions or alerts.
Staff information, including: first, and last name; user ID number; and GPPSD issued email address. In some instances, staff phone and address information was included, and these individuals will be contacted directly.
Q: I uploaded my personal documents during the registration process. Have these been compromised?
No. Personal documents (i.e., birth certificates, driver’s licenses, and immigration documents) are uploaded for registration into a different system, not PowerSchool.
Q; What information is stored in PowerSchool?
PowerSchool includes student information such as names, birthdates, addresses and phone numbers, student ID numbers and medical and guardian notes. PowerSchool also stores staff information, such as names, phone numbers and addresses, GPPSD email accounts and ID numbers.
For involved students and educators, the types of information exfiltrated in the incident include one or more of the following: the individual’s name, contact information, date of birth, limited medical alert information, and other related information. Due to differences in customer requirements, the information exfiltrated for any given individual varies across Divisions.
Q; Were photos accessed?
No. Student and staff photos were not accessed in this incident.
Q; Was financial information compromised?
Based on the information provided by PowerSchool, financial information was not compromised. GPPSD does not store credit card or other financial information in PowerSchool.
Q; How did the unauthorized party gain access to PowerSchool?
More details of the breach can be found in the information shared by PowerSchool.
Q; Will credit monitoring and identity protection be offered?
PowerSchool has engaged TransUnion and Experian, trusted credit reporting agencies, to offer two years of complimentary credit and identity protection and services for all students and educators whose information from PowerSchool student information system was involved.
- TransUnion will offer credit monitoring services to those who have reached the age of majority.
- Experian will offer identity protection services, which will be available for all involved students and educators.
Credit monitoring is being provided by TransUnion because Experian does not offer credit monitoring in Canada.
Details on how to enroll will be included as part of individual notifications. As
the offer is specific to this incident, the details contained in the enrollment notification will be required to enroll and cannot be obtained directly from TransUnion or Experian.
More information on this service, including how to enroll in identity protection services, will be shared with staff and families in the near future.
Q; How will notifications be sent?
PowerSchool will be providing notification to impacted individuals and the necessary privacy regulators. In coordination with TransUnion and Experian, PowerSchool will provide notice to individuals whose information was exfiltrated from your PowerSchool SIS.
- PowerSchool will publish the notice on its website, circulate the notice to local media, and send the notice to email addresses, where available, of involved students and educators.
- The notice received by each individual will include a description of the categories of personal information that were exfiltrated and the identity protection and credit monitoring services offered (as applicable).
- Experian will also provide a call center to answer questions from the community.
Q: Can I still access PowerSchool?
Yes. PowerSchool is available for school and family use.
Q: Should we change our passwords?
Yes. It’s good practice to change passwords regularly and not use the same password across different applications.
Q: Is PowerSchool safe to use?
Yes. PowerSchool has taken steps to secure its systems and assured GPPSD the breach has been contained.
