PowerSchool is providing ongoing updates about the cybersecurity incident. Click this link for all ongoing updates, as well as FAQs for families, educators, and customers.
___
Update, February 4, 2025
PowerSchool has started emailing Lexington Two employees and parents of students regarding the free identity protection service being offered through Experian as a result of PowerSchool’s cybersecurity incident in December 2024. The link in the email, https://www.experianidworks.com/plus, will take you to an Experian website to create an account. The email will contain an activation code, which you will need. Note: Acceptance into the service is free and optional.
PowerSchool’s update on cybersecurity incident, dated January 29, 2025:
In its update of January 29, 2025, PowerSchool shared information on the start of notifications to individuals potentially impacted by the cybersecurity incident, as well as provided a link to enroll in free credit monitoring and identity protection services. Click this link to access registration for these services. Please note, PowerSchool states that the deadline to enroll in free credit monitoring is May 30, 2025.
Dear Valued Customers,
We sincerely appreciate your continued support as we respond to our recent cybersecurity incident. Since our last update, we have initiated the process of notifying involved individuals about the resources now available to them. As part of this process, we have posted a notice to our website. Credit monitoring and identity protection services are now activated and available.
In the coming weeks, Experian (on behalf of PowerSchool) will also be distributing direct email notifications to involved individuals for whom we have sufficient contact information. This email notice will include further information about the information of theirs involved and the resources PowerSchool is offering. Additionally, we have coordinated with Experian to set up a call center for your families and educators in case they have questions about these offerings.
As a reminder, PowerSchool is offering two years of complimentary identity protection services for all current and former students and educators whose information was determined to be involved. We are also offering two years of complimentary credit monitoring services for all adult students and educators whose information was determined to be involved. We are doing this regardless of whether an individual’s Social Security Number was exfiltrated.
We care deeply about keeping the students, families, and educators we support informed of this process. Please refer inquiring community members to the PowerSchool website for the latest information on the cybersecurity incident. To further support our districts and schools, PowerSchool has prepared template communications for your adapted use in conversation with families and educators as you see fit. The emails included below this message provide an update to both groups regarding the notification process and services PowerSchool is offering to involved individuals.
Thank you for your partnership in supporting this process and the trust you have placed in our response. We acknowledge the significance of this incident and are committed to emerging from it stronger and better equipped to serve you and the communities we share.
Sincerely,
Hardeep Gulati
Chief Executive Officer, PowerSchool
__
Lexington Two email sent to families and staff on January 9, 2025, after notification of the PowerSchool cybersecurity incident and following a district meeting with Department of Education officials to get a better understanding of the situation across our state.
January 9, 2025
To: Lexington Two Families and Staff
Re: PowerSchool Cybersecurity Incident
This week, Lexington School District Two was informed by the SC Department of Education and contracted vendor PowerSchool, the hosting company and provider of the district’s student information system (SIS), about a cybersecurity breach that occurred in late December 2024. Earlier today, we were able to meet with Department of Education officials in order to get a better understanding of the situation across our state.
The breach involved student and staff records not only in South Carolina school districts but also from multiple other states and countries. This was an international criminal incident against PowerSchool, over which state and local districts had no control.
Lexington Two has initiated our response plan on the local level, including contacting the South Carolina Law Enforcement Division (SLED). In addition, district administration is following recommended guidance from PowerSchool and the SC Department of Education and is working with them in investigating how this PowerSchool breach affects our district.
This cybersecurity incident is very concerning. Please know that as we get more information, we will share updates with district families and employees. In the meantime, we are including some of the communications we have received regarding the breach – from PowerSchool, the SC Department of Education, and SLED and South Carolina Critical Infrastructure Cybersecurity. SLED’s memo includes some recommended steps for those potentially affected.
_______________________________
News release from the SC Department of Education, dated January 8, 2025:
WEST COLUMBIA, SC – Late Tuesday, the South Carolina Department of Education (SCDE) was informed by PowerSchool of a cybersecurity breach involving its PowerSource portal. This was an international incident over which the state and local districts had no control.
This breach resulted in unauthorized access to certain customer data from PowerSchool’s Student Information Systems (SIS), including data from multiple states and school districts across the country.
During a meeting with PowerSchool’s senior leadership, they confirmed that personally identifiable information (PII) was compromised. The SCDE is currently working to understand the full scope of the breach.
PowerSchool has stated that this breach has been contained and has informed the SCDE that it has taken steps to secure its systems, engage cybersecurity experts, and is also coordinating with law enforcement to address the breach.
The SCDE is actively communicating with PowerSchool, legal counsel, and local districts to assess the full impact on South Carolina schools, students, and educators and to determine next steps. The SCDE is also in direct communication with the State Law Enforcement Division (SLED), the Attorney General’s office and has notified the Governor and legislative leaders.
Commenting on the seriousness of this incident, State Superintendent of Education Ellen Weaver said, “The protection of our South Carolina students’ and educators’ personal data is non-negotiable. We fully recognize the anxiety this raises for them and their families.”
She continued, “While PowerSchool has taken accountability for this breach, our Department will take uncompromising action to ensure we uncover the complete extent of this incident. We will insist that PowerSchool not only notify affected individuals but also provide them with credit and identity monitoring services."
The SCDE will continue to engage and support districts and schools throughout this process as more information becomes available.
_______________________________
Related:
Click this link to read the notification from PowerSchool to districts, sent January 7, 2025