Notice Regarding PowerSchool Cybersecurity Incident
![PowerSchool Logo]([{"url":"https://resources.finalsite.net/images/f_auto,q_auto/v1736872358/carlyntonk12paus/gxfixryntif5lxtplj2m/PowerSchool.png","width":225}])
Rachel Byerly
On January 7, 2025, our student information system provider, PowerSchool, informed its customers of a “potential cybersecurity incident” that occurred on or around December 19, 2024. This page is designed to keep our community updated with the most recent information.
PowerSchool Cybersecurity Incident Update
PowerSchool recently experienced a cybersecurity incident resulting in unauthorized access to data within the Students and Teachers tables for certain PowerSchool SIS customers. Immediate actions were taken to contain the incident, notify relevant regulatory agencies, and provide impacted students and educators with complimentary identity and credit monitoring services.
Key Findings from the Investigation
A thorough investigation conducted by CrowdStrike revealed:
- The breach was limited to specific PowerSchool SIS instances of Students and Teachers tables.
- The attacker accessed PowerSource, a customer support portal, using a compromised credential.
- There was no evidence of malware, system-layer access, or compromise of other PowerSchool products.
- The data exfiltration is believed to have occurred in late December.
The final CrowdStrike incident report is now available on PowerSchool’s website. PowerSchool continues to engage with regulators in the United States and Canada to ensure compliance and transparency.
Support for Affected Individuals
PowerSchool has secured two years of complimentary identity and credit monitoring through Experian for impacted students and educators. Enrollment instructions and additional information are available on PowerSchool’s website. The deadline for enrollment has been extended to July 31, 2025.
Security Enhancements Implemented by PowerSchool
PowerSchool has introduced several security measures to prevent future incidents, including:
- Requiring single sign-on (SSO), multi-factor authentication (MFA), and enhanced access controls for all employees and contractors.
- Implementing physical security upgrades, such as fingerprint and facial recognition authentication.
- Conducting rigorous access audits and restricting maintenance windows.
- Establishing a Customer Security Advisory Council and developing a security assessment rubric for districts.
To view the full CrowdStrike report click here.
PowerSchool Cybersecurity Incident – Important Update for Carlynton Families
On December 19, 2024, PowerSchool, our student information system provider, experienced a cybersecurity incident in which certain personal information was accessed and exfiltrated through one of its customer support portals. This incident has impacted multiple school districts, including Carlynton School District.
What Information Was Affected?
The types of information compromised vary by individual and may include:
- Name and contact information
- Date of birth
- Limited medical alert information
- Other related demographic details
At this time, PowerSchool has stated that they have not identified any misuse of the affected information. However, they are taking proactive steps to support those impacted.
Identity Protection & Credit Monitoring Services
PowerSchool is offering two years of complimentary identity protection services for all affected students and educators.
- For adults (18 and over): Includes credit monitoring and identity protection.
- For minors (under 18): Includes Social Security Number monitoring and identity protection.
How to Enroll
If your child was enrolled in Carlynton School District on or around December 19, 2024, they are eligible for these services. If you are an employee of the District with login credentials to PowerSchool, then you are eligible for these services.
To enroll and obtain activation codes, please visit the PowerSchool Cybersecurity Incident Page.
For assistance, you may also call Experian at: 833-918-9464
Staying Vigilant
We encourage all families to take steps to protect their personal information, such as:
- Reviewing financial statements for any suspicious activity
- Monitoring online accounts
- Avoiding unsolicited requests for personal or financial information
PowerSchool will never contact you via phone or email to request personal details. In the coming weeks, however, Experian (on behalf of PowerSchool) will be distributing direct email notifications to involved individuals (or their parent/guardian, as applicable) for whom PowerSchool has sufficient contact information.
Ongoing Updates
Carlynton School District remains committed to protecting student and staff data. We are actively working with PowerSchool and our cybersecurity partners to monitor the situation. We will provide any further updates on this page as new information becomes available.
Notice Regarding PowerSchool Cybersecurity Incident
On January 7, 2025, our student information system provider, PowerSchool, informed its customers of a “potential cybersecurity incident” that occurred on or around December 19, 2024. This incident has impacted numerous school districts both locally and nationwide, including the Carlynton School District.
PowerSchool has created a dedicated webpage to provide additional details regarding the cybersecurity incident. Families can access this information by clicking HERE.
The Carlynton School District is committed to keeping our families informed. Should there be any future developments related to this incident, we will provide timely updates to our community.
Thanks,
John W. Kreider, Ed.D.
Superintendent of Schools
Carlynton School District