School Directory
Back to All News

PowerSchool Cybersecurity Incident

Posted on Feb 11, 2025

Incident Update Letter to Families

February 11, 2025

Dear MHCBE families, 

As we take the privacy and security of our division staff and students seriously, I would like to provide an update regarding the PowerSchool Cybersecurity Incident that was communicated with you on January 9, 2025.

Though we have no indication or reason to believe that your child’s information has or is likely to be fraudulently misused, this letter explains what happened, the measures taken in response, and offers steps you may consider taking to protect yourself and your child’s information going forward.

What Happened?

On January 7, 2025, PowerSchool informed us that it was subject to a data breach during which an unauthorized party gained access to its platform where we store student and staff information.

PowerSchool is a software platform that gives parents and students access to real-time information, including attendance, school bulletins and grades. We are one of many schools that use PowerSchool that were impacted by this incident.

What Data was Impacted?

According to PowerSchool’s investigation, student data was accessed without authorization on December 22, 2024 as a result of this incident. As soon as we learned that MHCBE student data was impacted, we launched a detailed review to determine what information was involved and to whom it was associated.

As a result of this review with PowerSchool, we identified the following student personal information:

  • Name, date of birth, mailing address, home phone number, Alberta Student Number, graduation year.
  • No financial information or social insurance numbers were impacted as a result of this incident. 

While we have no evidence to suggest that any of your child’s personal information has been misused for any fraudulent purposes, and proactive steps were taken to prevent that from occurring, protecting the personal information in our care is a top priority for us and we wanted to alert you to this unfortunate incident as soon as possible. 

What Steps Were Taken?

Although the breach did not originate on our systems, as soon as we learned of this incident, we initiated our security protocols. Our daily operations remain uninterrupted and our schools continue to operate as usual.

In response to the incident, PowerSchool engaged third-party cybersecurity experts to conduct a forensic investigation of the scope of the incident and to monitor for signs of information misuse. We have been informed by PowerSchool that the incident has been contained and there is no evidence of continued unauthorized activity on their platform. 

Law enforcement was also notified and we are in the process of reporting the incident to the relevant privacy authority. 

To help alleviate some of the concerns you may have regarding this incident, PowerSchool has arranged for (i) two years of identity protection services through Experian; and (ii) those who are the age of majority, two years of credit monitoring services through TransUnion on a complimentary basis.

For instructions on how to enroll, please visit PowerSchool’s website at https://www.powerschool.com/security/sis-incident/notice-of-canada-data-breach/

What Should You Do?

While we have no evidence that your child’s personal information has been misused for any fraudulent purposes, we recommend remaining vigilant against common threats by taking the following steps to protect yourself and your information:

  • Enroll in the identity protection and if your child is the age of majority, credit monitoring services offered to you. Enrollment instructions and an overview of the features of this product are included in the above link.
  • Use complex and unique passwords for your PowerSchool account and do not reuse your password or a similar version of it on different platforms. 
  • If you receive emails, letters, telephone calls or text messages in the days ahead purporting to be from MHCBE asking for financial or any other personal information that you were not expecting, please consider the communication to be fraudulent, and contact us at 403-527-2292 to confirm its authenticity.  
  • Remain vigilant of any phishing or spoofing attempts. Spoofing is an impersonation tactic used in phishing campaigns to deceive individuals into thinking that a communication, either a letter, text or email, came from a trusted source and to leverage that to obtain further information or defraud the recipient. 
  • Avoid clicking on links or downloading attachments from suspicious emails. 

Additional tips and resources for protecting your identity are available at: https://www.priv.gc.ca/en/privacy-topics/identities/identity-theft/guide_idt/

Learn more

PowerSchool has established a dedicated incident response line, which we invite you to contact. To do so, please call  833-918-7884, Monday through Friday, 8:00 am through 8:00 pm Central Time (excluding major US holidays) and provide the call representative the following engagement number B138905. 

Here is a link to our PowerSchool Cybersecurity Incident FAQ that may help answer any additional questions you may have. All updates regarding this incident can be found on this division website page

Please do not hesitate to contact my office directly if you have any additional questions, 403-527-2292 or info@mhcbe.ab.ca.  

Sincerely, 

Dr. Dwayne Zarichny
Superintendent of Schools
Medicine Hat Catholic Board of Education

Progress Update

January 31, 2025

Medicine Hat Catholic senior administration continues to actively work with PowerSchool to resolve the situation. We want to assure staff and families that this matter is being taken seriously, and we will share an update with staff and families as soon as more information becomes available.

Thank you for your patience as we continue to navigate this unforeseen circumstance.

_____________________________________

PowerSchool Cybersecurity Incident Letter to Staff & Families

January 9, 2024

The Medicine Hat Catholic Board of Education has been informed of a cybersecurity incident involving PowerSchool, the system used to store staff and student information.

Along with several other affected school divisions across North America, we are working closely with PowerSchool to determine the scope of the incident and any potential impact on our families and staff. We have been made aware that no financial information was accessed in PowerSchool.

PowerSchool has assured us that the incident is contained and that strengthened security measures have been implemented to prevent future breaches. PowerSchool’s operations remain unaffected, and service continues as usual.

We will continue to monitor the situation closely and provide updates with staff and families as information becomes available to us.

Click here to view the letter that MHCBE senior administration received from PowerSchool outlining the situation.

www.mhcbe.ab.ca |  Facebook  |  Instagram  |  info@mhcbe.ab.ca