School Directory
  • Home
  • PowerSchool FAQ

PowerSchool FAQ

Frequently Asked Questions

What happened?

On January 7, 2025, Medicine Hat Catholic Board of Education was notified by PowerSchool—a third-party software vendor whose platform we, and many other schools, use to store student and staff information—of a data breach.

In response to the incident, PowerSchool engaged third-party cybersecurity experts to conduct a forensic investigation into the scope of the incident and to monitor for signs of information misuse. We have been informed by PowerSchool that the incident has been contained and there is no evidence of continued unauthorized activity on their platform. 

Although the breach did not originate on MHCBE' systems, as soon as we learned of this incident, we initiated our security protocols. Our daily operations have not been interrupted because of this incident and schools continue to operate as usual.

 

When was MHCBE informed of the incident?

We were notified of the incident by PowerSchool on January 7, 2025.

 

When did MHCBE notify staff and families?

On January 9, 2025, MHCBE notified all division staff and parents/guardians of currently enrolled students via email and on the division website.

From there we launched a detailed review to determine what information was involved and to whom it was associated. 

Updates were provided as our review progressed and we received more information from PowerSchool regarding the incident. 

 

When did PowerSchool learn of the incident?

On December 28, 2024, PowerSchool became aware of a cybersecurity incident involving unauthorized exfiltration of personal information from certain PowerSchool Student Information System (SIS) environments through one of its community-focused customer support portal.

 

Who is PowerSchool?

PowerSchool is a software platform that gives parents and students access to real-time information, including attendance, school bulletins and grades. We are one of many schools that use PowerSchool that were impacted by this incident. 

 

Were authorities notified?

Yes, law enforcement was notified and we are in the process of reporting the incident to the relevant privacy authority. 

 

Who is affected?

Current and former staff and students from 2015 to present.

 

What data was impacted?

According to PowerSchool’s investigation, staff and student data was accessed and acquired without authorization on December 28 as a result of this incident.

As soon as we learned that MHCBE data was impacted, we launched a detailed review to determine what information was involved and to whom it was associated.

As a result of this review, we identified the following personal information was impacted as a result of this incident:

  • Student personal information: name, date of birth, mailing address, phone number(s), email addresses, Alberta Student Number, graduation year.
  • Staff personal information: name and email address.
  • No financial information or social insurance numbers were impacted as a result of this incident.

 

Were SINs impacted?

No.

 

Was financial information impacted?

No. Credit card and banking information were not involved in this incident.

 

What solutions are being offered to impacted individuals?

PowerSchool has arranged (i) for two years of identity protection services through Experian; and (ii) for those who are the age of majority, two years of credit monitoring services through TransUnion on a complimentary basis.

If you are a student or educator who is the age of majority, you can sign up for both services. 

 

Why can’t I enroll my child in credit monitoring services?

Credit monitoring agencies do not offer credit monitoring services for individuals under the age of majority. If a parent / guardian enrolls an individual under the age of majority in the offered identity protection services, the individual, upon reaching the age of majority, will have the opportunity to enroll in credit monitoring services for the duration of the two-year coverage period.

 

Why are the solutions being provided by different providers?

Credit monitoring is being provided by TransUnion because Experian does not offer credit monitoring in Canada. 

 

What is included under Experian’s identity protection services?

When you register with Experian, you have access to the following features:

  • Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.
  • Fraud Remediation Tips: Self-help tips are available on your member center.

 

What is included under TransUnion’s credit monitoring services?

When you register with TransUnion, you have access to the following features:

  • Unlimited online access to your TransUnion Canada credit report, updated daily. A credit report is a snapshot of your financial history and one of the primary tools leveraged for determining credit-related identity theft or fraud.
  • Unlimited online access to your CreditVision® Risk credit score, updated daily. A credit score is a three-digit number calculated based on the information contained in your TransUnion Canada credit report at a particular point in time.
  • Credit monitoring, which provides you with email notifications to key changes on your TransUnion Canada credit report. In today’s virtual world, credit alerts are a powerful tool to help protect you against identity theft, enable quick action against potentially fraudulent activity and provide you with additional reassurance.
  • Access to online educational resources concerning credit management, fraud victim assistance and identity theft prevention.
  • Access to Identity Restoration agents who are available to assist you with questions about identity theft. In the unlikely event that you become a victim of fraud; a personal restoration specialist will help to resolve any identity theft.  This service includes up to $1,000,000 of expense reimbursement insurance.
  • Dark Web Monitoring, which monitors surface, social, deep, and dark websites for potentially exposed personal, identity and financial information and helps protect you against identity theft.

 

I didn’t receive a notice but feel that I should have? 

On January 9, 2025, MHCBE notified all current division staff members and guardians of all currently enrolled students via email.

If you do not receive an email, please follow this link to view a copy of the notification letter and to register for your complimentary identity protection services (for all students and educators) and credit monitoring services (for all students and educators who are the age of majority). 

 

How are you contacting members for whom you do not have contact information?

For former students and staff for whom contact information is not available or for whom we do not have up-to-date contact information, they are being contacted through the notification letter published to PowerSchool’s website and through a press release published by PowerSchool. 

 

Will you be providing any further updates? 

The investigation has concluded and we do not anticipate any further updates regarding this incident. 

 

Additional questions?

To the extent you have questions or concerns about this incident, PowerSchool has established a dedicated incident response line, which we invite you to contact. To do so, please call  833-918-7884, Monday through Friday, 8:00 am through 8:00 pm Central Time (excluding major US holidays) and provide the call representative the following engagement number B138905

If you would prefer to contact MHCBE, questions can be sent to info@mhcbe.ab.ca or call 403-527-2292.