Register now
News
Jan 22, 2025

PowerSchool Cybersecurity Updates

Latest Updates on the PowerSchool Cybersecurity Incident

Newest Update as of February 20th, 2025

Dear PowerSchool User or Parent / Guardian of User:

You are receiving this notice on behalf of Thrive Elementary from PowerSchool. As you may know, PowerSchool provides software and services to your current or former school or the current or former school of a person to whom you are a parent or guardian. We are writing to share with you some important information regarding a recent cybersecurity incident involving personal information belonging to the named individual.

What Happened?

On December 28, 2024, PowerSchool became aware of a cybersecurity incident involving unauthorized exfiltration of certain personal information from PowerSchool Student Information System (SIS) environments through one of our community-focused customer support portals, PowerSource.

What Information Was Involved?

Due to differences in customer requirements, the types of information involved in this incident included one or more of the following, which varied by person: name, contact information, date of birth, Social Insurance Number, limited medical alert information, and other related information. At this time, we do not have evidence that the named individual’s Social Insurance Number was involved. At this time, we do not have evidence that limited medical alert information for the named individual was involved.

What Are We Doing?

PowerSchool is offering two years of complimentary identity protection services, provided by Experian, to students and educators whose information was involved. For involved students and educators who have reached the age of majority, in addition to Experian’s identity protection services, PowerSchool is also offering two years of complimentary credit monitoring services provided by TransUnion.

Offer: Experian Identity Protection Services – Available to All Involved Students and Educators

  • Enrollment Instructions for Experian IdentityWorks
  • Ensure that you enroll by May 30, 2025 (Your code will not work after this date at 5:59 UTC)
  • Provide your activation code: MPRT987RFK

For questions about the product or help with enrollment, please email globalidworks@experian.com

Details Regarding Your Experian IdentityWorks Membership

A credit card is not required for enrollment in Experian IdentityWorks. You can contact Experian immediately regarding any fraud issues, and have access to the following features once you enroll in Experian IdentityWorks:

  • Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.
  • Fraud Remediation Tips: Self-help tips are available on your member center.

Offer: TransUnion Credit Monitoring Services – Available to Involved Students and Educators Who have Reached the Age of Majority in their Applicable Province or Territory

Enrollment Instructions for TransUnion myTrueIdentity

  • There you will find a link to the validation website, https://CACreditMonitoringVali..., where you will be prompted to validate your information by entering your first name, last name and year of birth
  • If your identity is validated, a pop up will appear that provides an activation code and provides you a link to TransUnion’s myTrueIdentity site to enroll

Details Regarding your myTrueIdentity Membership

Upon completion of the online enrollment process, you will have access to the following TransUnion myTrueIdentity features:

  • Unlimited online access to your TransUnion Canada credit report, updated daily. A credit report is a snapshot of your financial history and one of the primary tools leveraged for determining credit-related identity theft or fraud.
  • Unlimited online access to your CreditVision® Risk credit score, updated daily. A credit score is a three-digit number calculated based on the information contained in your TransUnion Canada credit report at a particular point in time.
  • Credit monitoring, which provides you with email notifications to key changes on your TransUnion Canada credit report. In today’s virtual world, credit alerts are a powerful tool to help protect you against identity theft, enable quick action against potentially fraudulent activity and provide you with additional reassurance.
  • Access to online educational resources concerning credit management, fraud victim assistance and identity theft prevention.
  • Access to Identity Restoration agents who are available to assist you with questions about identity theft. In the unlikely event that you become a victim of fraud; a personal restoration specialist will help to resolve any identity theft. This service includes up to $1,000,000 of expense reimbursement insurance.
  • Dark Web Monitoring, which monitors surface, social, deep, and dark websites for potentially exposed personal, identity and financial information and helps protect you against identity theft.

As soon as PowerSchool learned of the incident, we engaged cybersecurity response protocols and mobilized senior leadership and third-party cybersecurity experts to conduct a forensic investigation of the scope of the incident and to monitor for signs of information misuse. We are not aware at this time of any identity theft attributable to this incident.

What Can You Do?

You are encouraged to remain vigilant against incidents of identity theft and fraud by reviewing account statements for suspicious activity. PowerSchool will never contact you by phone or email to request your personal or account information.

Other Important Information:

If you have any questions or concerns about this notice, please call 833-918-7884, Monday through Friday, 8:00am through 8:00pm Central Time (excluding major US holidays). Please be prepared to provide engagement number B138905.

Sincerely,

The PowerSchool Team


________________________________________________________________

February 3rd, 2025

Dear Valued Customers,

We sincerely appreciate your continued support as we respond to our recent cybersecurity incident. Since our last update, we have initiated the process of notifying involved individuals of the incident about the resources now available to them. As part of this process, we have posted a notice on our website. Credit monitoring and identity protection services are now activated and available.

In the coming weeks, Experian (on behalf of PowerSchool) will also be distributing direct email notifications to involved individuals for whom we have sufficient contact information. This email notice will include further information about the information of theirs involved and the resources PowerSchool is offering. Additionally, we have coordinated with Experian to set up a call center for your families and educators in case they have questions about these offerings.

As a reminder, PowerSchool is offering two years of complimentary identity protection services, which will be provided by Experian, for all current and former students, and educators whose information was determined to be involved. We are also offering two years of complimentary credit monitoring services, provided by TransUnion for students and educators who have reached the age of majority. We are doing this regardless of whether an individual’s Social Insurance Number was exfiltrated. This service is being provided by TransUnion because Experian does not offer credit monitoring in Canada; the Experian notice will include information about both service providers and how to apply.

We care deeply about keeping the students, families, and educators we support informed of this process. Please refer inquiring community members to the PowerSchool website for the latest information on the cybersecurity incident. To further support our districts and schools, PowerSchool has prepared template communications for your adapted use in conversation with families and educators as you see fit. The emails included below this message provide an update to both groups regarding the notification process and services PowerSchool is offering to involved students and educators.

Thank you for your partnership in supporting this process and the trust you have placed in our response. We acknowledge the significance of this incident and are committed to emerging from it stronger and better equipped to serve you and the communities we share.

Sincerely,

Hardeep Gulati

Chief Executive Officer, PowerSchool

________________________________________________________________

January 27th, 2025

Dear Valued Customers,

I am writing today to inform you that our investigation and data review into the scope of the cybersecurity incident has continued in earnest. As part of our commitment to keeping you informed, we are reaching out with an update on the latest steps we have taken in response to this incident and what you can expect over the coming days.

Importantly, this message requires no action on your part and serves simply as an update.

This afternoon, PowerSchool began the process of filing state attorneys general notifications across applicable U.S. jurisdictions on behalf of customers who did not opt-out of our offer to do so. PowerSchool has also started the process of notifying Canadian regulators.

For our U.S. customers, you may also have notification requirements with your state’s Department of Education. Since many customers have already notified and are in close contact with their state’s Department of Education, PowerSchool will defer to you on making these notifications.

In the coming days, PowerSchool will begin providing formal legal notice of the cybersecurity incident to current and former students (or their parents / guardians as applicable) and educators whose information was determined to be involved.

A direct email notification will be distributed by Experian on behalf of PowerSchool in the coming weeks to applicable current and former students (or their parents / guardians as applicable) and educators for whom we have sufficient contact information. PowerSchool will also launch a website and distribute a media release to ensure we reach as many involved individuals as possible and provide them with resources to protect their information. Importantly, these notices will include instructions for involved individuals on how to enroll in the credit monitoring and identity protection services that are being offered by PowerSchool.

PowerSchool will also be providing you with communications materials to help navigate conversations with families and educators as part of our effort to support you with the expected inquiries from your community members.

Thank you for your ongoing patience and partnership.

Hardeep Gulati

Chief Executive Officer, PowerSchool


________________________________________________________________

January 22, 2025

Dear PowerSchool SIS Customer,

Thank you for your continued patience and partnership as we address the recent cybersecurity incident. Over the last few weeks, we have been focused on assessing the scope of data involved, making further enhancements to our cybersecurity defenses, and developing a plan to help you and our shared community.

As a PowerSchool SIS customer in Canada whose information was involved, I am writing to provide you with updates on several important next steps:


Identity Protection and Credit Monitoring Services: PowerSchool has engaged TransUnion and Experian, trusted credit reporting agencies, to offer complimentary identity protection and credit monitoring services to all students and educators whose information from your PowerSchool SIS was involved. The offered credit monitoring services in Canada, which will be available for those who have reached the age of majority, will be provided by TransUnion; the offered identity protection services, which will be available for all involved students and educators, will be provided by Experian for both the United States and Canada. This offer is being provided regardless of whether an individual’s Social Insurance Number was exfiltrated.

  • Identity Protection: PowerSchool will be offering two years of complimentary identity protection services, which will be provided by Experian, for all students and educators whose information was involved.
  • Credit Monitoring: PowerSchool will also be offering two years of complimentary credit monitoring services, which will be provided by TransUnion, for all students and educators who have reached the age of majority whose information was involved. This service is being provided by TransUnion because Experian does not offer credit monitoring in Canada.


Notifications: Starting in the next few weeks, PowerSchool will be handling notifications to involved individuals and the necessary privacy regulators on your behalf. We hope to relieve the burden of these notifications on you and your institution.  

  • Community: PowerSchool will coordinate with TransUnion and Experian, to provide notice on your behalf to students, parents / guardians and educators, as applicable, whose information was involved, as well as a call center to answer questions from the community. The notice will include the identity protection and credit monitoring services offer (as applicable).  


In this Community link, you will find a fact sheet with additional details on these steps and the incident, a template that we intend to use to notify students and educators via email addresses, where available, whose information was involved, and a proposed communication that you may choose to share with families and educators to keep them informed on these steps. We are providing this communication package to technical contacts listed by your organization with PowerSchool. Please share as appropriate to relevant leaders in your organization.

I sincerely value the trust you have placed in PowerSchool. We are committed to learning from this incident, becoming stronger and more resilient as a company for having experienced it – and most importantly – we are committed to serving you and our shared community.

We appreciate all that you are doing to support families and educators through this process.

Sincerely,

Hardeep Gulati

Chief Executive Officer, PowerSchool


________________________________________________________________ 

Januaruy 22nd Update from Thrive Elementary

Following the notification from PowerSchool about the cybersecurity incident and our subsequent emails alerting student parents and teachers, Thrive is continuing to work with PowerSchool to understand more details from their investigation. This page will provide any new details on the incident as they become available.

Both PowerSchool and Thrive Elementary have taken the necessary security actions to address future unauthorized actions. Please note that this was a service provider breach (PowerSchool SIS) that affected many school districts in Canada, and not a breach of Thrive’s internal systems infrastructure.

Thrive Elementary IT department has completed an assessment of what information was accessed by the unauthorized party and determined the following data was exported during the incident:

Teacher Data in the Export:

  • Name (first, last, preferred)
  • Email Address (Only @goauto.ca or @thriveschool.ca, apart from one user who had a Gmail address in their account details)
  • Phone number (only populated for one staff member)
  • Job Title (only populated for some staff)
  • Various internal PowerSchool values (i.e. the school ID, the permission profile ID, etc.)

Student Data in the Export:

  • Name (first, middle, last)
  • Mailing address
  • Home phone
  • Alerts (guardian, medical, other)
  • Academic status (i.e. grade, school, date of enrollment/exit)
  • Entry and Exit Codes, along with Exit Comments
  • Date of Birth
  • Gender
  • Alberta Student Number
  • Thrive student number
  • Various internal PowerSchool values (i.e. the school ID, the internal ID for contacts associated to the student, etc.)


A few important pieces of information that did NOT appear in the student export:

  • Any grade information
  • Any attendance information
  • Any Alberta coding information that details FNMI status, learning disabilities, etc.
  • Contact details for individuals associated to the student account. Only the mailing address and home phone directly attached to the student were exported.

Thrive Elementary

10735 McQueen Rd.
Edmonton, AB
T5N 3L1

About Us

About Us

Thrive Elementary

Thrive Elementary

Register

Thrive School is a public charter school. Our focus is on academic achievement, holistic well-being and enriched STEM learning. Yellow bus service, meals and after-school activities are all provided. Thrive School is free to families. No tuition, no school fees and no extra costs.

Thrive School is located in amiskwacîwâskahikan (Edmonton) on the traditional lands, known as Treaty 6 Territory and the homeland of Métis Region #4.