Skip To Main Content

PowerSchool Breach

PowerSchool Breach

On Thursday, January 9, 2025, PowerSchool informed our leadership team that they experienced an international cybersecurity incident involving unauthorized access to certain PowerSchool Student Information System (SIS) customer data. Unfortunately, they have confirmed that the information includes Poquoson City Public Schools families and educators. It is important to note that this breach was a cyberattack on PowerSchool as a company, and there was no action that PCPS could have taken to prevent this breach in any way. This international incident has impacted school divisions across the country and abroad.

PowerSchool informed us that the compromised data primarily includes parent and student contact information with data elements such as name and address. Across their customer base, they have determined that for a portion of individuals, some personally identifiable information (PII), such as social security numbers (SSN) and medical information, was impacted. PCPS does not maintain student social security numbers, therefore, this information would not be compromised. However, PCPS does maintain PII such as addresses, contact information, medical information, and passwords for student access. Our team is preparing to change student passwords and that information will be forthcoming. 

We have received communication from the Virginia Department of Education who shared the following: “...PowerSchool stated that they have worked with three well known cyber security firms, as well as the FBI to investigate and contain this breach. They stated that they took extraordinary steps to ensure all breached data was deleted by the malicious actors.  It is believed by Power School and their 3rd party experts that the problem is contained and that the bad actors no longer have access or a retained copy of the information.  Of course, they are going by experience and what experts are telling them and there is no 100% way to know this is the case.”

PowerSchool has confirmed that the breached data file has been deleted and is no longer accessible. They have notified the FBI and engaged the cybersecurity firm CrowdStrike to assist in addressing the incident. According to CrowdStrike, no data from the breach has been found on the dark web at this time, and they continue to monitor the situation closely.

While PowerSchool is responsible for this incident and its impact, our team acted swiftly once we were notified. Protecting our students is something we take seriously. PowerSchool has informed PCPS that they will provide additional information, including credit monitoring or identity protection services if applicable and contact information to dialogue directly with the company. We will share that information with you once it is available. In the meantime, we strongly encourage all affected individuals to take proactive steps by reviewing their personal account statements.