PowerSchool 2024 Data Breach

Email Content Sent to Parents/Guardians on March 27, 2025

We are sharing the following information on behalf of PowerSchool regarding a security breach that occurred on December 28, 2024. As a precaution, PowerSchool is offering free credit monitoring services, and the details below provide instructions on how to enroll.

It is important to note that Cache County School District does not collect or store Social Security numbers in PowerSchool; therefore, this information was not compromised. 

We remain committed to continuously evaluating our security measures to ensure the highest level of protection for our district’s data. PowerSchool is currently the primary technological framework used by the district, and transitioning to a new system is a complex process.

For more information and instructions to enroll in free credit monitoring, please visit the link below. 

PowerSchool Security Incident

We will share new information from PowerSchool as it becomes available.

PowerSchool has initiated the process of notifying individuals whose information was determined to be involved in their recent data breach. They have engaged Experian, a trusted credit reporting agency, to provide complimentary identity protection and credit monitoring services to current and former students and educators that had information exfiltrated from PowerSchool SIS. In the coming weeks, Experian (on behalf of PowerSchool) will be distributing direct email notifications to involved individuals (or their parent/guardian, as applicable) for whom PowerSchool has sufficient contact information.

Additionally, PowerSchool has worked with Experian to set up a dedicated, toll-free call center to answer any questions associated with these offerings and the incident. All the information regarding the activation of and access to these services will be included in the email sent to you by Experian. Whether or not you receive an email, you may also visit PowerSchool’s website to learn how to activate the offering from Experian, linked here: http://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/.

Protecting our students and teachers remains our top priority. Thank you again for all of your support and understanding during this time.

PowerSchool is an education software company that supports over 60 million students and 18,000 customers worldwide. It serves as the student information system (SIS) our district uses to manage student data, including grades, scheduling, attendance, and other education records.

PowerSchool informed our leadership team on Tuesday, January 7, 2025, that they experienced a cybersecurity incident involving unauthorized access to certain PowerSchool SIS customer data. While our PowerSchool data is stored on a district server, the company maintains credentials to our PowerSchool systems so they can provide support to our customers. These credentials, housed at PowerSchool, were compromised and were used to obtain unauthorized access to PowerSchool systems and data throughout the country, including our district and at least five other districts in Utah.

PowerSchool reported the following student information was compromised during their data breach:

• Student state and district identification numbers
• Student names
• Enrollment status, grade level, schedules, year of graduation, and school location
• Gender, ethnicity, date of birth, address, and phone number
• Parent and emergency contact information (names, addresses, and phone numbers)
• Other details, such as lunch balances, fee waiver status, and locker numbers

NOTE - Cache County School District does not collect nor store social security numbers in PowerSchool, so this information was not compromised. 

While teacher data was included in the breach, the information stored in PowerSchool was largely limited to first and last names and email addresses, with other minor information potentially affected. There were no social security numbers, payroll information, or other critical data compromised. Only staff members with accounts in PowerSchool were included in the breach; other staff would not have been impacted.

PowerSchool representatives have assured us that data obtained during this breach is now contained and that there is no ongoing threat. They stated that the data has been deleted, no backup copies were made, and the data will not be shared or made public. PowerSchool will continue researching this incident and will communicate with districts about next steps for protecting private data. We will share that information with you as soon as we receive it.

Please note that this breach involves PowerSchool’s systems and platforms and was not the result of a security lapse in district IT systems. While we do utilize external systems that sync our student data, we are very thoughtful about which have access to sensitive information. Due diligence is performed to limit the data provided to these partners while still making the desired services possible. We have privacy agreements in place for all external systems where student data is stored.

Cache County School District takes data security and privacy very seriously. We truly care about protecting student and staff data. Further information will be communicated to individuals who have been affected as we work to determine the scope of impact and as PowerSchool contacts us with additional information (including resources and next steps). Thank you for your understanding and patience as we navigate this situation.