Skip to main content
District

Notification of Global PowerSchool Cybersecurity Incident Impacting District Data

Posted Date: 01/08/25 (07:00 PM)
View Original Post


Ottumwa Community School District
Dear Ottumwa Schools Families,

We are reaching out to inform you about a cybersecurity incident involving PowerSchool, a platform utilized by our district. On December 28, 2024, PowerSchool became aware of unauthorized access to certain information on its Student Information System (SIS). This breach was part of a global incident affecting multiple districts across the country, including Ottumwa Schools. This was not a localized incident.

What Happened?
Unauthorized access to PowerSchool’s SIS occurred on December 22, 2024. PowerSchool identified the issue on December 28, 2024, and notified customers, including our district, on January 7, 2025.

What Information Was Involved?
This breach includes personally identifiable information (PII) for a significant number of students, staff, and families within our district. Our IT team has confirmed that the following information may have been accessed:
  • For Students: PII such as Social Security Numbers (SSN), dates of birth (DOB), addresses, medical alerts, and additional sensitive fields.
  • For Staff: PowerSchool usernames and passwords, phone numbers, teacher numbers, and, for approximately 10 staff members, SSNs.

PowerSchool has assured us there is no evidence of misuse or public dissemination of the breached data. Additionally, PowerSchool engaged CyberSteward, a professional advisor, who has provided reasonable assurances that the data has been deleted without further replication or dissemination.
What Actions Are Being Taken?
  • Credit Monitoring: PowerSchool is offering credit monitoring for affected adults and identity protection for affected minors. Eligible individuals will be notified as more details become available.
  • Improved Security Measures: PowerSchool has enhanced its password policies, access controls, and monitoring systems to prevent future breaches.
  • District IT Response: Our IT team is actively implementing additional measures to strengthen our systems.

How Does This Affect You?
As a precaution, we recommend the following steps to protect your information:
  1. Change Passwords: If you have a PowerSchool account, update your password to a strong, unique one. If you use this for additional personal accounts, we recommend you change your password. 
  2. Monitor Accounts: Regularly review accounts for suspicious activity.
  3. Beware of Phishing: Be cautious of unsolicited emails or messages related to PowerSchool or Ottumwa Schools. Do not click on unknown links or provide personal information.
  4. Update Contact Information: Ensure your contact details in PowerSchool are accurate to receive timely updates.

Next Steps
In the coming weeks, specific instructions will be announced for those eligible to access credit monitoring and identity protection services. Only individuals eligible for credit report monitoring will receive the notice containing these details.

If you have any questions, please do not hesitate to contact the Ottumwa Community School District via email at support@ottumwaschools.com. You may also fill out this form with your questions: PowerSchool Cyber Security Incident.
Thank you for your understanding and patience as we navigate this matter.

Sincerely,
Michael McGrory
Superintendent
Ottumwa Community School District
 
Ottumwa: Be The Best!
ottumwaschools.com