On Jan. 10, Uniondale school district superintendent Monique Darrisaw-Akil sent a district-wide letter on behalf of the school district that alerted staff and families about a global cybersecurity incident involving PowerSchool, the district’s Student Information System, during the last week of December.
According to the letter, potentially compromised data may have included student names, phone numbers, addresses, Social Security numbers and medical and grade information, as well as parent and guardian names, phone numbers and/or email addresses.
The Uniondale district was also informed that PowerSchool took “prompt action” to remedy the situation, the letter said. The company revoked compromised credentials, strengthened password policies and security measures, notified law enforcement and began their investigation for any evidence of data replication or public circulation, as outlined in the letter.
PowerSchool initially became aware of the data breach on Dec. 28, 2024, and reportedly took immediate action to contain the incident. As their immediate response, they said on their website that they “engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts.”
PowerSchool said on their website that on Jan. 7, 10 days after the breach was first recognized, the company “proactively communicated this incident to the PowerSchool SIS customers affected by this incident, and we continue to support them through next steps.”
The company is continuing their investigation and said on their website that they are working closely with the affected school districts and schools to provide more information and resources, including credit monitoring or identity protection services if and when necessary, in a timely manner.
In response to this incident, PowerSchool is taking steps to prevent something like this from happening again. The company said it “regularly reviews and enhances its security policies and practices” as part of its commitment to “protecting the security and integrity” of their software.
As the “leading provider of cloud-based K-12 education software in North America,” PowerSchool services over 60 million students across 90 countries worldwide, according to their website.
“We take our responsibility to protect student, family, and educator data privacy extremely seriously,” it said on the website, “and we are committed to providing customers, families, and educators with resources and support as we work through this together.”
Other districts impacted, as reported by Newsday, were West Hempstead, Lynbrook, Glen Cove, Hicksville, Massapequa, Jericho, Middle Country, Smithtown Central and Nassau BOCES.
“We will continue to provide updates as we learn more about the incident,” the Uniondale district wrote in their letter, and people with questions or concerns are encouraged to call the school district at (516) 560-8800.
To learn more about the PowerSchool breach and how the company is working to resolve the issues, visit PowerSchool.com/Security/SIS-Incident/.