Skip to main content
About Us » PowerSchool Cybersecurity Incident

PowerSchool Cybersecurity Incident

Last updated: February 19, 2025

 

On January 7, 2025, Living Waters Catholic Schools was notified of a cybersecurity incident involving PowerSchool, the platform we use to manage student information. This data breach affected organizations internationally, including Living Waters Catholic Schools. 

 

PowerSchool has published a website to help answer questions and share what steps it is taking to address the incident. 

 

PowerSchool has assured us that the threat actor deleted the accessed data and that it was not shared or replicated. They have also implemented enhanced security measures to help prevent future incidents.

 

PowerSchool is working with cybersecurity experts, including CrowdStrike. Living Waters Catholic Schools is closely monitoring the situation.

 

Sign Up for Identity Protection and Credit Monitoring

PowerSchool is offering two years of complimentary identity protection services provided by TransUnion to students whose information was involved. For involved students who have reached the age of majority, in addition to TransUnion’s identity protection services, PowerSchool is also offering two years of complimentary credit monitoring services provided by TransUnion.  

 

Please Note: PowerSchool’s notice suggests that Social Insurance Numbers were affected for some school boards. We want to remind you that Living Waters Catholic Schools does not store Social Insurance Numbers in the Student Information System. This means no Social Insurance Numbers were affected by this cybersecurity incident.

 

Identity Protection Services

As part of their response, PowerSchool is offering two years of complimentary identity protection services through Experian Identity Protection Services for students and staff whose information was involved. 

 

Enrolment Instructions:

 

 
  • Provide your activation code: MPRT987RFK
 
  • For questions about the product or help with enrollment, please email [email protected]

 

The deadline to register is May 30, 2025. 

 

Credit Monitoring Services

As part of their response, PowerSchool is offering two years of complimentary credit monitoring services for all students and educators who are over 18 years of age. 

 

Enrolment Instructions:

 

 
  • If your identity is validated, a pop up will appear that provides an activation code and provides you a link to TransUnion’s myTrueIdentity site to enroll.
 
  • The Canadian Credit Monitoring Validation Page provides you with important information. You will not be asked to provide your personal information via this site to PowerSchool.  Based on the included hyperlink to a third party site operated by PowerSchool’s vendor, you may be asked to provide personal information to support an eligibility determination for the credit monitoring services offered by PowerSchool’s vendor.  That information may be processed in Canada and/or the United States. Any information inputted into the linked site will not be used for any purpose other than determining your eligibility.   After all activities are completed, PowerSchool will ensure that any data collected is permanently deleted by the vendor.

Upon completion of the online enrollment process, you will have access to the following TransUnion myTrueIdentity features:  

 

  • Unlimited online access to your TransUnion Canada credit report, updated daily. A credit report is a snapshot of your financial history and one of the primary tools leveraged for determining credit-related identity theft or fraud.
 
  • Unlimited online access to your CreditVision® Risk credit score, updated daily. A credit score is a three-digit number calculated based on the information contained in your TransUnion Canada credit report at a particular point in time.  
 
  • Credit monitoring, which provides you with email notifications to key changes on your TransUnion Canada credit report. In today’s virtual world, credit alerts are a powerful tool to help protect you against identity theft, enable quick action against potentially fraudulent activity and provide you with additional reassurance.  
 
  • Access to online educational resources concerning credit management, fraud victim assistance and identity theft prevention. 
 
  • Access to Identity Restoration agents who are available to assist you with questions about identity theft. In the unlikely event that you become a victim of fraud; a personal restoration specialist will help to resolve any identity theft.  This service includes up to $1,000,000 of expense reimbursement insurance.  
 
  • Dark Web Monitoring, which monitors surface, social, deep, and dark websites for potentially exposed personal, identity and financial information and helps protect you against identity theft.  

Frequently Asked Questions (FAQ)

We understand you may have questions, and we’ve created an FAQ section below to provide more information. This resource includes information about what happened, the actions being taken, and what this may mean for your family. Living Waters Catholic Schools is closely monitoring the situation. The FAQ will be updated should more information become available.
 
All current and former Living Waters students from 2015 and onward. 
 
All current and former Living Waters staff with access to PowerSChool since 2015.

Our investigation has determined that the data accessed included:

 

  • Student demographic information such as first name, last name, date of birth, student phone numbers, and mailing addresses. 
 
  • Alberta Student Numbers (ASN)
 
  • Guardian Alerts
 
  • Basic student medical information, including details such as asthma, allergies, diabetes, or other medical conditions that were shared with the school. 
The breach also accessed limited staff work-related data, including names, Living Waters email addresses, and internal identification numbers. We are directly communicating staff members that currently have or had PowerSchool access. 

No. Financial information was not accessed, as it is not stored in PowerSchool.

 

PowerSchool manages student information, but when parents or guardians make a payment, they are redirected to Rycor (Student Quick Pay) via a secure link. PowerSchool cannot access Rycor’s data, nor does Rycor share data back with PowerSchool. This recent cybersecurity breach was limited to PowerSchool systems only.

No. Student and staff photos was not accessed in this incident. 
No. Personal documents, such as birth certificates or baptism certificates uploaded during the registration process, are stored on a separate platform. They are not stored in PowerSchool. These documents were not affected by the PowerSchool cybersecurity breach.
Yes, you can continue to use your PowerSchool account as usual. The PowerSchool cybersecurity incident has not disrupted daily school operations or classroom instruction. PowerSchool has assured us that the incident has been contained and that additional security measures have been implemented to prevent future breaches.

The accessed data could potentially be used for identity theft, where personal details are misused to impersonate someone or commit fraud. It could also be used for phishing or social engineering, such as sending fake emails or messages designed to trick individuals into revealing sensitive information like passwords or financial details.

 

While no financial information, passwords, or personal documents were accessed in this incident, it is always important to monitor any digital accounts that you have to watch for activity that is not yours.

 

We advise being cautious with emails or messages that seem unfamiliar. Avoid clicking on unknown links and refrain from sharing personal details in response to unsolicited requests.

According to PowerSchool, the breach occurred after an unauthorized party used a compromised credential to gain access, affecting information from multiple school divisions worldwide, including Living Waters Catholic Schools.

 

PowerSchool has assured us that the vulnerability has been identified and resolved. They have also implemented enhanced security measures to prevent similar incidents in the future. 

This was a PowerSchool breach. PowerSchool says it has strengthened its password policies and controls, including increasing the length and complexity of the passwords required of all employees. PowerSchool is working with CrowdStrike, a leading cybersecurity company, monitoring the internet for any potential misuse of data. We are also closely monitoring the situation.

 

Living Waters Catholic Schools has Multi-Factor Authentication (MFA) enabled for all staff. MFA reduces the risk of account takeovers and provides additional security for users and their accounts. 

We recommend you always use the following practices to keep your accounts and information secure:

 

  • Regularly check your email, online accounts, and social media accounts for any signs of unusual activity.
 
  • Update all account passwords frequently, especially if any have been reused across different platforms.
 
  • Use strong, unique passwords for every account, and consider using a password manager for enhanced security.
 
  • Activate two-factor or Multi-Factor Authentication on any accounts where it’s available for extra protection.

 

Additionally, stay vigilant against phishing attempts. Be cautious of unfamiliar emails, calls, or messages that claim to be from legitimate organizations. Never click on suspicious links or share personal information without verifying the source. By always taking these precautions, you can help safeguard your accounts and reduce the risk of unauthorized access.