​​​​​​​​​​CBE于1月7日得知涉及PowerSchool的网络安全事件，该系统用于学生信息。我们正在尽一切可能，包括与PowerSchool合作，确定事件的范围以及对家庭和员工可能产生的影响。

自事件发现以来，PowerSchool已通知执法机构，封锁了他们的系统，并更改了所有密码。

在接到这一信息后，CBE限制了对PowerSchool的访问，并正在进一步讨论确定下一步措施。 

虽然我们仍在努力确定可能被访问的内容，但我们可以确认PowerSchool不存储财务信息。 

我们正在尽一切可能了解更多关于此事件的信息。随着更多信息的到来，我们将提供更新。 

如有疑问，请发送电子邮件至 FOIP@cbe.ab.ca​ 或联系阿尔伯塔省信息和隐私专员办公室 oipc@ab.ca。​

来自PowerSchool的消息 ​​

尊敬的客户， 

作为贵方区域或学校的技术联系人，我们致信告知您，PowerSchool在2024年12月28日得知潜在涉及未经授权访问PowerSource社区支持门户的网络安全事件。在接下来的几天里，我们的调查确定了一方未经授权的访问者利用被篡改的凭证访问了特定的PowerSchool学生信息系统（SIS）客户数据，我们遗憾地通知您，您的数据已被访问。 

请查看以下信息并务必与贵方机构的相关安全人员分享。 

一经得知可能的事件，我们立即启动了网络安全响应协议，并组建了跨职能应对团队，包括高级领导层和第三方网络安全专家。我们还通知了执法机构。 

我们可以确认所访问的信息属于某些SIS客户，并涉及来自贵方机构的家庭和教育工作者。未经授权访问点被隔离到我们的PowerSource门户。由于PowerSource门户仅允许访问SIS数据库，我们可以确认此事件不会影响PowerSchool的其他产品。 

重要的是，事件已得到控制，我们没有发现PowerSchool环境中的恶意软件或持续的未经授权活动。PowerSchool不会遭遇，也不预期遭遇任何运营中断，并将继续正常向我们的客户提供服务。 

请放心，我们已采取一切适当步骤，防止进一步未经授权访问或滥用所涉及的数据。我们不预期这些数据会被分享或公开，并且我们相信数据已被删除，没有进一步复制或传播。 

我们还停用了被篡改的凭证，并限制了对受影响门户的所有访问。最后，我们进行了全面的密码重置，并进一步加强了所有PowerSource客户支持门户帐户的密码和访问控制。 

PowerSchool致力与客户通力合作，向贵方的教育工作者、家庭和其他利益相关者传达信息。我们有能力向所有受影响的个人进行彻底的通知程序。在未来几周内，我们请求您的耐心和合作，因为我们共同努力处理此通知程序的细节。 

我们已采取一切适当步骤，进一步防止此事件涉及的信息曝光。虽然我们不知道，也不预期有任何真实或企图滥用个人信息或任何受影响个人因此事件而遭受任何财务损害，但根据监管和合同义务，PowerSchool将向受影响成年人提供信用监控服务，并向受影响未成年人提供身份保护服务。受影响客户的具体信息将根据影响程度而有所不同。我们预计只有受影响客户的子集将有通知义务。 

我们正有序和全面地处理这一情况，并致力向受影响客户提供他们在共同处理此事宜所需的资源和支持。 

感谢您始终的支持与合作。 

此致敬礼， 

哈迪普·古拉蒂
首席执行官 

保罗·布鲁克
首席客户官员 

抄送：米什卡·麦考温
首席信息安全官

​​​​​​​​​​CBE was informed on Jan. 7 of a cybersecurity incident involving PowerSchool, the system used for student information. We are doing everything possible, including working with PowerSchool to determine the scope of the incident and any potential impact on families and staff.

Since the incident was discovered, PowerSchool has notified law enforcement, locked down their system, and changed all passwords.

After receiving this information, the CBE limited access to PowerSchool, and is engaging in further conversations to determine next steps. 

While we are still trying to determine what may have been accessed, we can confirm that PowerSchool does not store financial information. 

We are doing everything possible to learn more about this incident. Updates will be provided as more information becomes available. 

Questions may be directed to FOIP@cbe.ab.ca​ or the Office of the Information and Privacy Commissioner of Alberta at oipc@ab.ca.​

Message from PowerSchool ​​

Dear Valued Customer, 

As the Technical Contact for your district or school, we are reaching out to inform you that on December 28, 2024, PowerSchool become aware of a potential cybersecurity incident involving unauthorized access to certain information through one of our community-focused customer support portals, PowerSource. Over the succeeding days, our investigation determined that an unauthorized party gained access to certain PowerSchool Student Information System (“SIS”) customer data using a compromised credential, and we regret to inform you that your data was accessed. 

Please review the following information and be sure ​to share this with relevant security individuals at your organization. 

As soon as we learned of the potential incident, we immediately engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts. We have also informed law enforcement. 

We can confirm that the information accessed belongs to certain SIS customers and relates to families and educators, including those from your organization. The unauthorized access point was isolated to our PowerSource portal. As the PowerSource portal only permits access to the SIS database, we can confirm no other PowerSchool products were affected as a result of this incident. 

Importantly, the incident is contained, and we have no evidence of malware or continued unauthorized activity in the PowerSchool environment. PowerSchool is not experiencing, nor expects to experience, any operational disruption and continues to provide services as normal​ to our customers. 

Rest assured, we have taken all appropriate steps to prevent the data involved from further unauthorized access or misuse. We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination. 

We have also deactivated the compromised credential and restricted all access to the affected portal. Lastly, we have conducted a full password reset and further tightened password and access control for all PowerSource customer support portal accounts. 

PowerSchool is committed to working diligently with customers to communicate with your educators, families, and other stakeholders. We are equipped to conduct a thorough notification process to all impacted individuals. Over the coming weeks, we ask for your patience and collaboration as we work through the details of this notification process. 

We have taken all appropriate steps to further prevent the exposure of information affected by this incident. While we are unaware of and do not expect any actual or attempted misuse of personal information or any financial harm to impacted individuals as a result of this incident, PowerSchool will be providing credit monitoring to affected adults and identity protection services to affected minors in accordance with regulatory and contractual obligations. The particular information compromised will vary by impacted customer. We anticipate that only a subset of impacted customers will have notification obligations. 

We are addressing the situation in an organized and thorough manner, and we are committed to providing affected customers with the resources and support they may need as we work through this together. 

Thank you for your continued support and partnership. 

Sincerely, 

Hardeep Gulati
Chief Executive Officer 

Paul Brook
Chief Customer Officer 

cc: Mishka McCowan
Chief Information Security Officer