By Corey McDonald/VTDigger
According to state education officials, the personal data of students and staff at several dozen Vermont school districts may have been compromised in a nationwide data breach of a student information system. PowerSchool, a California-based company that provides a student information system and cloud software used by 39 school districts in Vermont, told its customers on Tuesday, Jan. 7, that the personal data of students, staff, and faculty of school districts throughout the country were hacked.
According to a report from TechCrunch, the company serves more than 75% of students in North America, and its software is used by roughly 16,000 customers to support more than 50 million students in the U.S.
Schools use the software to manage student records, grades, attendance, and enrollment.
It is unclear how many school districts in Vermont were affected by the data breach. Lindsey Hedges, a spokesperson for the state Agency of Education, said in an email that not all of the 39 districts that use PowerSchool were affected but noted that the agency “will continue to work with districts and remain in contact as the full impact of the incident unfolds.”
Champlain Valley School District was among the affected districts. Adam Bunting, the district’s superintendent, said in a letter to families that “the Agency of Education is actively working with PowerSchool to determine the next steps.”
“We understand that the situation is concerning and will keep you informed as we learn more,” Bunting wrote in the letter.
In a phone interview, Bunting said PowerSchool informed the district that the breached personal information of faculty and staff mainly included things like contact information.
“The information, as far as we understand, does not include things like Social Security numbers,” he said. “The initial information we have is that it’s more about contact information.”
Student information, Bunting said, may include names, addresses, emails, and birthdates.
A spokesperson for PowerSchool, Beth Keebler, said in an emailed statement that the company “takes our responsibility to protect student data privacy and act responsibly as data processors extremely seriously… Our priority is to support our customers through this incident and to continue our unrelenting focus on data security.”
TechCrunch reported that hackers successfully breached the company’s system, and it was made aware of the breach on or around Dec. 28. “As soon as we learned of the incident, we immediately engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts,” the company stated, adding that it does not anticipate the data being shared or made public.
Zoie Saunders, Vermont’s secretary of education, said in correspondence to superintendents of the affected districts that the impact of the breach may vary from district to district. “We understand that this news may be concerning, but please be assured that the agency takes incidents involving student information very seriously and is committed to ensuring that all necessary measures are in place to safeguard it,” she wrote.
