LAKELAND - Northern Lights Public Schools Division (NLPS) is one of several school divisions across North America that has been impacted by a data breach of information held by PowerSchool.
PowerSchool provides cloud-based software to school divisions and districts across Canada and the US for the purposes of tracking enrolment, attendance, grades, as well as data on students such as addresses and other private information.
In an email sent to parents, guardians and caregivers of students on Jan. 9, NLPS confirmed the school division, which has 6,200 students in 28 schools in northeastern Alberta - including in the communities of Lac La Biche, Bonnyville and Cold Lake - experienced a significant data breach.
According to information released in the email statement, PowerSchool informed NLPS officials on Jan. 7 that the school division was one of those that had been affected by the breach. At that time, officials were not provided with specific information about what information was accessed.
NLPS was made aware that information from the PowerSchool Student Information System (SIS) was accessed by a threat actor between Dec. 22 and 28. The company, which serves 18,000 school divisions and 60 million students in 90 countries worldwide, says it took steps to contain the infringement and informed NLPS that the data is no longer accessible by the threat actor.
“PowerSchool has also taken measures to prevent access of information by unauthorized parties and are continuing to implement additional data security measures to increase information security,” noted the statement by NLPS.
But NLPS received more bad news on Jan. 8 when officials were provided with further details about the breach. Student and teacher tables in the PowerSchool SIS were accessed. The school division explained that it is working with PowerSchool to find out what specific information was accessed, along with who may be impacted.
Information accessed from the student table may include data such as student IDs, medical information, mailing addresses, grades, date of birth, ethnicity, gender, along with information regarding emergency contacts, enrolment status, and schools attended by specific students.
NLPS says it continues to work with PowerSchool and the Office of the Information Privacy Commissioner (OIPC) to gather details about the breach and assess how much it has impacted schools and individuals.
More information will be shared with those who have been affected by the breach when it becomes available.
“We understand that this situation is deeply concerning, and we want to assure you that our division office team is working diligently with PowerSchool and the Office of the Information Privacy Commissioner to determine the extent of the breach and who is impacted so we can notify everyone as soon as possible,” says NLPS.
As the investigation continues, the school division encourages individuals to take precautions to protect themselves, including monitoring personal accounts for any unusual activity, and passwords.
The school division also advises people to be on guard regarding phishing attempts or unsolicited emails requesting personal information.
Those who have questions or concerns are asked to contact Peter Desmond, the school division’s Freedom of Information and Protection of Privacy (FOIPP) coordinator, by phone at 780-826-3145 ext. 2006 or by email at peter[email protected]
