Schools in the Simcoe Muskoka Catholic District School Board have been caught up in a data breach with a computer program used in schools across North America.
On Monday, Jan. 7, PowerSchool, the Catholic board’s student information system provider, told the SMCDSB and other school boards in Ontario that they experienced a data breach between Dec. 22 to 28, 2024.
“We understand that this news may be concerning to some of our families, and we want you to know that we are taking this matter very seriously,” wrote the board's director of education Francis Bagley in a letter sent home to families on Jan. 8.
“PowerSchool has taken full responsibility for this breach. They have acted swiftly to address the situation and are providing affected school boards with details and support,” she wrote.
Representatives from the Simcoe County District School Board said on Thursday that at this point, there is no indication that their students’ data was breached.
PowerSchool is an application used by the Catholic and public board to store student demographic and class information, as well as a limited amount of school-based staff information.
Other school boards, including Toronto and Durham Region were also impacted. California-based software company PowerSchool claims its products are used by 76 per cent of Canadian students on its website.
According to information provided to the Catholic school board by PowerSchool, core data for students such as names, addresses, some demographic information and parent/guardian contact information has been compromised.
Information not accessed through the breach included notes about students, student images, report card data, special education information, attendance data, financial information and passwords.
“The breach occurred when hackers accessed a PowerSchool support portal using a compromised PowerSchool credential, e.g., username/password,” wrote Bagley.
“PowerSchool worked closely with third-party experts to negotiate with the hackers and they have strong confidence that the situation has been resolved. They do not anticipate the data being shared or made public and believe it has been deleted without replication or dissemination,” she said.
Bagley said the board's network has not been compromised through the breach, and that a question and answer document will be sent out to families within the board within the week. If parents have specific questions they’d like answered, they are encouraged to email them to [email protected] or call 705-722-3555 ext. 319.
- With files from Bailey Moreton
