CBE Provides Free Identity Protection for Families Impacted by PowerSchool Cyberattack

The Calgary Board of Education (CBE) is taking proactive steps to support families affected by a recent cyberattack on PowerSchool, a software firm that manages personal information for educators and students worldwide. In light of the breach, CBE is offering two years of free credit monitoring and identity protection services to families impacted by this incident.

This data breach occurred on December 22 and involved the sensitive information of numerous staff and students across Alberta and beyond. CBE became aware of the attack when they received notification from PowerSchool on January 7. The compromised data includes names, birthdates, addresses, and phone numbers of affected families. CBE is currently collaborating with PowerSchool to further investigate the breach.

PowerSchool has not yet confirmed how many individuals from the Calgary Board of Education have been impacted by this cyberattack.

Upon informing school boards about the breach, PowerSchool stated that the situation was contained. However, investigations revealed that the IP address associated with the stolen data originated from a website hosting company in Ukraine. Notably, PowerSchool admitted in a customer-accessible post that they made a payment to the attackers to prevent the release of data, even though this incident was not classified as a ransomware attack. The specifics of the payment have not been disclosed.

Concerns arise as the integrity of the data might still be at risk. Professionals in data security indicate that evidence presented by attackers, claiming that stolen data has been deleted, can often be misleading. In response to these uncertainties, PowerSchool is monitoring the dark web for any signs of leaked information.

To ensure the protection of affected families, CBE is enlisting the services of TransUnion and Experian to provide free credit monitoring and identity protection. These services will be available to all impacted students and staff, while credit monitoring will specifically cater to individuals who are of legal age.

It remains uncertain how many adults who have since graduated are also victims of this breach.

PowerSchool, based in California, serves more than 15,000 clients across 90 countries. Some reports from schools in Ontario indicate that the data compromised may date back as long as 60 years and possibly includes medical records, disciplinary records, and emergency contact details. In certain U.S. schools, the breach has involved social security numbers of students and staff. CBE has not confirmed whether sensitive information such as social insurance numbers were part of the breach.

Philippe Dufresne, Canada’s Privacy Commissioner, mentioned that he is in communication with PowerSchool to gain clarity on the spill and its implications for affected families. He expressed concern regarding the potential impact of such breaches on students' personal information.

"It is critical that organizations implement security safeguards that are suitable for the type of sensitive information they handle, particularly when it concerns children’s data," he stated.

The Alberta's Office of Information and Privacy Commissioner has already received 17 breach notices tied to the PowerSchool incident and is actively reviewing these cases. They are collaborating with respective authorities in Ottawa and across the nation regarding the matter, emphasizing the importance of children's privacy in today's digital landscape.

CBE, PowerSchool, Cybersecurity