PowerSchool Cybersecurity Incident

PowerSchool Cybersecurity Incident – Experian Notices

March 25, 2025

The Division has been informed the direct email communication is starting to go out from Experian—sent on behalf of PowerSchool—to individuals connected to Elk Island Public Schools (EIPS) affected by the PowerSchool cybersecurity incident earlier this year. Division students, parents/guardians and staff, as applicable, whose information was involved in the incident can expect to receive an email from one of the following email addresses with information about next steps.

Ps-sis-incident [at] mail [dot] csid [dot] com
Ps-sis-incident [at] mail1 [dot] csid [dot] com
Ps-sis-incident [at] mail2 [dot] csid [dot] com

Direct emails from one of these three email addresses are legitimate emails from Experian and not spam—see example.

NOTE: There are key deadlines included within the email notice for those individuals interested in enrolling for identity protection services, credit monitoring or both, as applicable. EIPS encourages families to check your spam or junk folders in case the email may have been filtered there.

If you don’t receive a direct email and were expecting to, or if you have any questions or require additional information, refer to the Cybersecurity Incident page on the PowerSchool website.

Email addresses you can expect to see related to the PowerSchool cybersecurity incident.

Frequently Asked Questions

Feb. 4, 2025

What solutions are being offered to impacted individuals?
PowerSchool has engaged TransUnion and Experian, trusted credit reporting agencies, to offer two years of complimentary identity protection services for all students and educators whose information was involved. This offer will also include two years of complimentary credit monitoring services for all students and educators whose information was involved and who have reached the age of majority.

The offered credit monitoring services, which will be available for those who have reached the age of majority, will be provided by TransUnion; the offered identity protection services, which will be available for all involved students and educators, will be provided by Experian. Credit monitoring is being provided by TransUnion because Experian does not offer credit monitoring in Canada.

I didn’t receive a notice but feel I should have?
The week of Feb. 11, 2025, PowerSchool will begin contacting current and former EIPS members for whom email addresses were available. Please check your junk mail in the event the letter may be misdirected to this folder.

If you do not receive an email, please follow this link to view a copy of the notification letter and to register for your complimentary identity protection services (for all students and educators) and credit monitoring services (for all students and educators who are the age of majority).

What happened?
On Jan. 8, 2025, Elk Islands Public Schools was notified by PowerSchool—a third-party software vendor whose platform we, and many other schools in North America and around the world, use to store student and staff information—of a data breach.

Although the breach did not originate on EIPS' systems, as soon as we learned of this incident, we initiated our security protocols, including engaging cybersecurity specialists. Our daily operations have not been interrupted because of this incident and schools continue to operate as usual.

We've been informed by PowerSchool that the incident is contained and there is no evidence of continued unauthorized activity in the PowerSchool platform. We are not aware of any data misuse at this point. PowerSchool has advised it has received confirmation the data accessed by the unauthorized user has been deleted and that no copies of this data were posted online.

Are accounts through PowerSchool secure?
Usernames and passwords were not impacted in this breach.

Was financial information stolen?
We want to assure you that no financial information (including credit cards) was accessed or stored in PowerSchool. When EIPS parents or guardians make a payment, they are redirected to a separate payment platform via a secure link. PowerSchool cannot access financial information stored on this payment platform, nor does this payment platform share data back with PowerSchool. The recent data breach was limited to PowerSchool’s platform only.

Who is affected?
All current and former EIPS students who attended EIPS from 2009 onward and current and former staff who had a PowerSchool account from 2009 onward.

What data was impacted?
On Dec. 22, 2024, an unauthorized party accessed PowerSchool’s platform where we store student and staff information. EIPS has completed a thorough review of impacted data and can confirm the following data was accessed as a result of this incident:

Students: name, date of birth, grade level, mailing address, Alberta Student Number, parent/guardian names, home phone number, graduation year and some emergency contact and medical information (for example, doctors' names and phone numbers)
Staff: name, work email address, employee ID, PowerSchool username (firstname.lastname)

Note: Data taken for former students and staff would have been accurate as of the last time they were enrolled or employed with the Division, respectively.

Documents (for example, birth certificates) uploaded within PowerSchool and social insurance numbers were not impacted as a result of this incident.

Were photos accessed?
No staff or student photos were accessed in this incident.

What happens next?
Starting the week of Feb. 11, 2025, Experian (on behalf of PowerSchool) will begin distributing direct email notifications to EIPS students, parents/guardians and educators (as applicable) for whom email contact information was available.

For former students and staff for whom contact information is not available or for whom we do not have up-to-date contact information, they will be contacted through this website notice. Additionally, PowerSchool has published the notification letter on its website and published a press release in further efforts to reach those individuals who could not be contacted through email.

Will you be providing any further updates?
We do not anticipate any further updates. However, if there are any important updates, we will release it through our website.

Additional Questions?
If you have any questions or concerns regarding the notice from Experian on behalf of PowerSchool or this incident in general, please call 833-918-7884, Monday through Friday between the hours of 8 a.m. to 8 p.m. CT, excluding major U.S. holidays.

If you would prefer to contact EIPS, questions can be submitted via the Division website online contact form or directly with your school administration.

Previous Update: Feb. 4, 2025

Feb. 4, 2025

In continued efforts to provide you with real-time and transparent information regarding the data breach involving PowerSchool (a software vendor used by Elk Island Public Schools), we are sharing an update on notices being sent out in relation to this incident and responses to frequently asked questions.

Starting the week of Feb. 11, 2025, we expect Experian will begin distributing direct email notifications (on behalf of PowerSchool) to EIPS students, parents/guardians and educators (as applicable) whose information was involved in the incident and for whom email contact information was available. The notice includes two years of complimentary identity protection services provided by Experian. For students and educators who are the age of majority, this offer will also include two years of complimentary credit monitoring services provided by TransUnion.

Additionally, PowerSchool has worked with Experian to set up a dedicated, toll-free call centre to answer any questions associated with both Experian and TransUnion’s offerings and the incident. All the information regarding the activation of and access to these services will be included in the emails sent to you by Experian. Whether or not you receive an email, you may also visit PowerSchool’s website to learn how to activate these offerings.

We care deeply about the welfare of our EIPS families and will continue to do everything we can to support you. Thank you again for your support and understanding during this time.

Previous Update: Jan. 10, 2025

What happened?
On Jan 8, 2025, Elk Islands Public Schools was notified by PowerSchool—a third-party software vendor whose platform we, and many other schools in North America and around the world, use to store student and staff information—of a data breach.

Are accounts through PowerSchool secure?
Usernames and passwords were not impacted in this breach.

Who is affected?
All current and former EIPS students who attended EIPS from 2009 onwards and current and former staff who had a PowerSchool account from 2009 onwards.

Students: name, date of birth, grade level, mailing address, Alberta Student Number, parent/guardian names, home phone number, graduation year and some emergency contact and medical information (for example, doctors' names and phone numbers)

Staff: name, work email address, employee ID, PowerSchool username (firstname.lastname)

Note: Data taken for former students and staff would have been accurate as of the last time they were enrolled or employed with the Division, respectively.

Documents (for example, birth certificates) uploaded within PowerSchool were not impacted as a result of this incident.

Were photos accessed?
No staff or student photos were accessed in this incident.

What happens next?
We will be contacting guardians of currently enrolled students and current staff directly with a letter to share information about the incident and any recommendations on steps you can take to protect your and your child’s information. Students not currently enrolled and staff no longer employed who are impacted by this data breach are contacted through this website notice. If there are any important updates, we will release it through our website.

In the meantime, questions can be submitted via the Division website online contact form or directly with your school administration.