At iadapt.ca, we believe every immigrant deserves to thrive in their new home. That's why we've created a platform that offers precise mapping tools to help you find the perfect neighborhood, AI realtors to make the home buying process easier, and relevant information to help you navigate life in a new country.
CBE was informed on Jan. 7 of a cybersecurity incident involving PowerSchool, the system used for student information.
CBE于1月7日获悉了涉及PowerSchool的网络安全事件,PowerSchool是用于学生信息的系统。
访问了哪些数据?
PowerSchool建议,被访问的数据包括家长和学生的个人信息。 这包括姓名、出生日期、地址和电话号码。 PowerSchool中还存储了一些教师信息。我们将继续与PowerSchool合作,以确定违规的程度。 我们会在获得更多信息后进行进一步沟通。
我上传了个人文件。 这些文件是否受到损害?
用于注册和警察信息核查的个人文件(如出生证明、驾驶执照和移民文件)被上传到SchoolEngage,而不是PowerSchool。
PowerSchool中存储了哪些信息?
PowerSchool包括学生信息,例如姓名、出生日期、地址和电话号码、学生ID编号以及医疗和监护人备注。 PowerSchool还存储了教师姓名、联系信息和ID编号。
财务信息是否已受损?
根据PowerSchool提供的信息,财务信息没有受到损害。 CBE不会在PowerSchool中存储信用卡或其他财务信息。
未经授权的方面如何访问了PowerSchool?
PowerSchool建议,使用了一个被违规使用的PowerSchool员工凭证获取了访问权限。 一旦被违规使用,就能够访问来自全球多个学区的数据。
是否会提供信用监控服务?
PowerSchool表示,它将按照监管和合同义务为受影响的成年人提供信用监控,并为受影响的未成年人提供身份保护服务。我们将继续与PowerSchool合作,以了解违规的程度和受影响的人员。
我仍然可以访问PowerSchool吗?
可以。 PowerSchool仍然可供学校和家庭使用。
我们应该更改密码吗?
定期更改密码并且不在不同应用程序之间使用相同的密码是一个好的做法。
PowerSchool是否安全可用?
PowerSchool已经采取措施确保其系统的安全,并向我们保证违规已经得到控制。 CBE已经采取额外措施以防止第三方访问。
来自PowerSchool的常见问题解答
CBE在2024年1月7日获悉了涉及PowerSchool的网络安全事件。我们正在尽一切可能,包括与PowerSchool合作,以确定事件的范围,以及对家庭和员工可能造成的任何潜在影响。
自发现该事件以来,PowerSchool已经通知了执法部门,封锁了他们的系统,并更改了所有密码。
在收到这些信息后,CBE限制了对PowerSchool的访问,并正在进一步讨论确定下一步行动。
虽然我们仍在努力确定可能被访问的内容,但我们可以确认PowerSchool并不存储财务信息。
我们正在尽一切可能了解更多关于这一事件的信息。随着更多信息变得可用,我们将提供更新。
可以将问题引导至 FOIP@cbe.ab.ca或Alberta省信息与隐私专员办公室 oipc@ab.ca。
PowerSchool的消息
尊敬的客户,
作为贵校或学区的技术联系人,我们正在此通知您,2024年12月28日,PowerSchool发现了一个可能的网络安全事件,涉及到通过我们的社区客户支持门户PowerSource的未经授权访问某些信息。经查询,我们了解到一方未经授权的方面使用被违规使用的凭证获取了访问PowerSchool学生信息系统(“SIS”)客户数据的权限。我们遗憾地通知您,您的数据已被访问。
请查看以下信息,并确保与贵组织的相关安全人员分享此信息。
一旦我们得知可能发生的事件,我们立即启动了我们的网络安全响应协议,并组织了一支跨职能的应急响应团队,包括高管领导和第三方网络安全专家。我们也已通知了执法部门。
我们可以确认,被访问的信息属于特定的SIS客户,并涉及到家庭和教育工作者,包括来自贵组织的家庭和教育工作者。 未经授权的访问点已被隔离到我们的PowerSource门户。因为PowerSource门户只允许访问SIS数据库,因此我们可以确认,由于此事件,其他PowerSchool产品并未受到影响。
重要的是,此事件已被控制,我们没有发现恶意软件或持续的未经授权的活动存在于PowerSchool环境中。 PowerSchool目前没有受到任何运行中的中断。我们会继续向我们的客户提供正常的服务。
请放心,我们已经采取了一切适当的措施,以防止进一步未经授权的访问或滥用涉及的数据。我们不预期该数据会被分享或公开,并且我们相信该数据已被删除,并没有进一步的复制或传播。
我们还已注销了被违规使用的凭证,并限制了对受影响门户的所有访问。最后,我们已进行了全面的密码重置,并进一步加强了所有PowerSource客户支持门户账户的密码和访问控制。
PowerSchool致力于与客户共同努力,与您的教育工作者、家庭和其他利益相关方进行充分的通知过程。在接下来的几周里,我们请求您的耐心和合作,因为我们共同解决这一通知过程的细节。
我们已经采取了一切适当的措施,以进一步防止该事件影响的信息曝光。虽然我们不知晓并且也不预期由于该事件而对个人信息进行任何实际或试图的滥用,也不会对受影响的个人造成任何财务损害,但根据法规要求和合同义务,PowerSchool将为受影响的成年人提供信用监控和为受影响的未成年人提供身份保护服务。受影响客户的具体信息将因受影响客户而异。我们预计,只有受影响客户的一个子集将有通知义务。
我们正在有组织地和认真地处理这一情况,并致力于为受影响的客户提供可能需要的资源和支持,我们将共同努力解决这一问题。
感谢您一直以来的支持与合作。
谨致问候,
Hardeep Gulati
首席执行官
Paul Brook
首席客户官
抄送:Mishka McCowan
首席信息安全官
What data was accessed?
PowerSchool advised that the data accessed included personal information such as parent and student contact information. This includes names, birthdates, addresses and phone numbers. Some teacher information is also stored in PowerSchool. We continue to work with PowerSchool to determine the extent of the breach. We will communicate further as more information becomes available.
I uploaded my personal documents. Have these been compromised?
Personal documents (i.e., birth certificates, drivers’ licenses, and immigration documents) uploaded for registration and police information checks are uploaded to SchoolEngage, not PowerSchool.
What information is stored in PowerSchool?
PowerSchool includes student information such as names, birthdates, addresses and phone numbers, student ID numbers and medical and guardian notes. PowerSchool also stores teacher names, contact information and ID numbers.
Was financial information compromised?
Based on the information provided by PowerSchool, financial information was not compromised. CBE does not store credit card or other financial information in PowerSchool.
How did the unauthorized party gain access to PowerSchool?
PowerSchool advised that access was gained using a compromised PowerSchool employee’s credentials. Once compromised, access was gained to data from multiple school districts worldwide.
Will credit monitoring be offered?
PowerSchool has indicated that it will be providing credit monitoring to affected adults and identity protection services to affected minors in accordance with regulatory and contractual obligations. We continue to work with PowerSchool to understand the extent of the breach and those impacted.
Can I still access PowerSchool?
Yes. PowerSchool is available for school and family use.
Should we change our passwords?
It’s good practice to change passwords regularly and not use the same password across different applications.
Is PowerSchool safe to use?
PowerSchool has taken steps to secure its systems and has assured us that the breach has been contained. CBE has taken additional measures to prevent third-party access.
FAQ from PowerSchool
CBE was informed on Jan. 7 of a cybersecurity incident involving PowerSchool, the system used for student information. We are doing everything possible, including working with PowerSchool to determine the scope of the incident and any potential impact on families and staff.
Since the incident was discovered, PowerSchool has notified law enforcement, locked down their system, and changed all passwords.
After receiving this information, the CBE limited access to PowerSchool, and is engaging in further conversations to determine next steps.
While we are still trying to determine what may have been accessed, we can confirm that PowerSchool does not store financial information.
We are doing everything possible to learn more about this incident. Updates will be provided as more information becomes available.
Questions may be directed to FOIP@cbe.ab.ca or the Office of the Information and Privacy Commissioner of Alberta at oipc@ab.ca.
Message from PowerSchool
Dear Valued Customer,
As the Technical Contact for your district or school, we are reaching out to inform you that on December 28, 2024, PowerSchool become aware of a potential cybersecurity incident involving unauthorized access to certain information through one of our community-focused customer support portals, PowerSource. Over the succeeding days, our investigation determined that an unauthorized party gained access to certain PowerSchool Student Information System (“SIS”) customer data using a compromised credential, and we regret to inform you that your data was accessed.
Please review the following information and be sure to share this with relevant security individuals at your organization.
As soon as we learned of the potential incident, we immediately engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts. We have also informed law enforcement.
We can confirm that the information accessed belongs to certain SIS customers and relates to families and educators, including those from your organization. The unauthorized access point was isolated to our PowerSource portal. As the PowerSource portal only permits access to the SIS database, we can confirm no other PowerSchool products were affected as a result of this incident.
Importantly, the incident is contained, and we have no evidence of malware or continued unauthorized activity in the PowerSchool environment. PowerSchool is not experiencing, nor expects to experience, any operational disruption and continues to provide services as normal to our customers.
Rest assured, we have taken all appropriate steps to prevent the data involved from further unauthorized access or misuse. We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination.
We have also deactivated the compromised credential and restricted all access to the affected portal. Lastly, we have conducted a full password reset and further tightened password and access control for all PowerSource customer support portal accounts.
PowerSchool is committed to working diligently with customers to communicate with your educators, families, and other stakeholders. We are equipped to conduct a thorough notification process to all impacted individuals. Over the coming weeks, we ask for your patience and collaboration as we work through the details of this notification process.
We have taken all appropriate steps to further prevent the exposure of information affected by this incident. While we are unaware of and do not expect any actual or attempted misuse of personal information or any financial harm to impacted individuals as a result of this incident, PowerSchool will be providing credit monitoring to affected adults and identity protection services to affected minors in accordance with regulatory and contractual obligations. The particular information compromised will vary by impacted customer. We anticipate that only a subset of impacted customers will have notification obligations.
We are addressing the situation in an organized and thorough manner, and we are committed to providing affected customers with the resources and support they may need as we work through this together.
Thank you for your continued support and partnership.
Sincerely,
Hardeep Gulati
Chief Executive Officer
Paul Brook
Chief Customer Officer
cc: Mishka McCowan
Chief Information Security Officer
Contact Us : contact@iadapt.ca
Office Address : Social Innovation Hub Unit #290, 3553 31 St NW Calgary, AB, Canada T2L 2K7 (Please contact us in advance for visiting)
