What happened?

On December 28, 2024, PowerSchool, a third-party service provider used by the Superior North Catholic District School Board, became aware of a cybersecurity incident involving unauthorized access to certain PowerSchool Student Information System (SIS) information.

On January 7, 2025, PowerSchool notified us of the incident and that personal information of our students and educators may have been impacted.

Who was affected?

Many public boards and private schools across North America who use PowerSchool SIS were affected by this incident.

What data was compromised?

We have worked with PowerSchool to determine that the following Board information was affected:

For all students who have been enrolled in Superior North Catholic District School Board since 2015, the information affected includes:

• Name (First, Last)
• Date of birth
• Home and/or mailing address
• Gender
• Current grade level
• Student number
• Ontario Education Number (OEN)

For some students, the following additional information was also affected:

• Medical alert notes
• Home phone
• Enrollment arrival and departure dates
• Emergency contact names and phone numbers
• Guardian email
• Parent/guardian custodial status
• Doctor’s name and phone number
• Parents names
• Notes regarding reasons for transferring between schools

With respect to medical alert information, if you provided information to your child’s school about your child’s allergies, medical conditions or injuries when completing the start of school year forms, this information was included in the data that may have been accessed or acquired. Please note that medical information provided to members of Superior North Catholic District School Board’s community partners and external consultant teams (e.g. Psychologists, Occupational Therapists, Physiotherapists, Audiologists, Speech-Language Pathologists, and Social Workers) was not impacted by this incident.

This incident did not compromise any of the following information: financial information, social insurance number (SIN), health assessment information, medical records, student academic grades, IEPs or accommodations.

Educator information:

For all board staff with PowerSchool SIS (educators, administrative assistants, principals and other board support staff) who have worked in Superior North Catholic District School Board since 2019, the information affected includes:

• Full name, employee ID, school(s) of employment, and board email address.

For some staff, the following additional information was also affected:

• Title, Home address information, home phone number

Staff without a PowerSchool SIS account were not impacted.

What steps are you taking to prevent this from happening again?

Although this cyber incident did not take place in a Superior North Catholic District School Board environment, as part of our own investigative process, we are working with industry experts and using this incident as an opportunity to review our vendor retention practices and improve how we protect personal information.

Where can I learn more about the incident?

PowerSchool has posted an FAQ on their website to share information, which includes steps they have taken to address this incident and protect student, family and educator information moving forward.
Visit: https://www.powerschool.com/security/sis-incident/

Did the Board notify the Office of the Information and Privacy Commissioner?

Yes, the Board has notified and is working with the Ontario Information and Privacy Commissioner in responding to this incident. While you are entitled to file a complaint, the IPC has advised that it is not necessary as they are already investigating the matter. You can visit the IPC’s website at www.ipc.on.ca.

Was any credit card or banking information involved in this incident?

No. Both PowerSchool and the Board’s own internal investigation can confirm that there is no evidence of any credit card or banking information being compromised.

Is there any indication that compromised information has been released?

PowerSchool has reported that it received confirmation that the data acquired by the unauthorized user was deleted and that the data was not posted online.

Why were you keeping my student data if I was no longer enrolled in the board?

We keep information about former students in accordance with provincial requirements under the Education Act and to respond to former student information requests. We are taking this opportunity to assess our records retention practices to ensure that we are only keeping what is necessary to conduct the Board’s business.

I attended the Superior North Catholic District School Board many years ago. Was my information impacted?

Our PowerSchool SIS stores data for students who attended a Superior North Catholic District School Board school from 2015 onwards. If you were a Superior North Catholic District School Board student prior to this, your information was not impacted as part of this incident.

Can I opt out of PowerSchool?

Not at this time. Superior North Catholic District School Board is using this incident to review the information practices of all of its vendors.

Is the Board changing vendors?

Not at this time.

Were all PowerSchool products impacted?

No. Only PowerSchool SIS was impacted by this incident. Other PowerSchool tools, like SchoolMessenger, were not impacted.

I have additional questions not addressed by these FAQs.

If you have additional questions, please contact us at [email protected]

---

Credit Monitoring and Identity Protection Update

PowerSchool is offering two years of complimentary identity protection services, provided by Experian, to students and educators whose information was involved. For involved students and educators who have reached the age of majority, in addition to Experian’s identity protection services, PowerSchool is also offering two years of complimentary credit monitoring services provided by TransUnion.

To be clear, all students and educators, past and present, can sign up for Experian’s services. Only adults can sign up for TransUnion’s services. PowerSchool is not offering these services to parents, guardians or emergency contacts.

Since the incident, PowerSchool has monitored for signs of information misuse. They have reported that they are not aware at this time of any identity theft attributable to this incident. That said, we encourage all to sign up for these complimentary services.

PowerSchool has provided instructions for signing up for these services here, and we reproduce the instructions below, as well.

PowerSchool’s online notice, linked above, suggests that Social Insurance Number was affected for some Boards. Superior North Catholic District School Board does not store any Social Insurance Numbers in the PowerSchool Student Information System, so that information was not affected in any way.

Offer: Experian Identity Protection Services – Available to All Involved Students and Educators

Enrollment Instructions for Experian IdentityWorks

• Ensure that you enroll by May 30, 2025 (Your code will not work after this date at 5:59 UTC)
• Visit the Experian IdentityWorks website to enroll: https://www.globalidworks.com/identity1
• Provide your activation code: MPRT987RFK
• For questions about the product or help with enrollment, please email [email protected]

Details Regarding Your Experian IdentityWorks Membership
A credit card is not required for enrollment in Experian IdentityWorks. You can contact Experian immediately regarding any fraud issues, and have access to the following features once you enroll in Experian IdentityWorks:

• Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.
• Fraud Remediation Tips: Self-help tips are available on your member center.

Offer: TransUnion Credit Monitoring Services – Available to Involved Students and Educators Who have Reached the Age of Majority in their Applicable Province or Territory

Enrollment Instructions for TransUnion myTrueIdentity

• Please visit http://www.powerschool.com/security/canada-credit-monitoring/. There you will find a link to the validation website, https://CaCreditMonitoringValidationPage-PowerSchool.com/, where you will be prompted to validate your information by entering your first name, last name and year of birth.
• If your identity is validated, a pop up will appear that provides an activation code and provides you a link to TransUnion’s myTrueIdentity site to enroll.

Details Regarding your myTrueIdentity Membership

Upon completion of the online enrollment process, you will have access to the following TransUnion myTrueIdentity features:

• Unlimited online access to your TransUnion Canada credit report, updated daily. A credit report is a snapshot of your financial history and one of the primary tools leveraged for determining credit-related identity theft or fraud.
• Unlimited online access to your CreditVision® Risk credit score, updated daily. A credit score is a three-digit number calculated based on the information contained in your TransUnion Canada credit report at a particular point in time.
• Credit monitoring, which provides you with email notifications to key changes on your TransUnion Canada credit report. In today’s virtual world, credit alerts are a powerful tool to help protect you against identity theft, enable quick action against potentially fraudulent activity and provide you with additional reassurance.
• Access to online educational resources concerning credit management, fraud victim assistance and identity theft prevention.
• Access to Identity Restoration agents who are available to assist you with questions about identity theft. In the unlikely event that you become a victim of fraud; a personal restoration specialist will help to resolve any identity theft. This service includes up to $1,000,000 of expense reimbursement insurance.
• Dark Web Monitoring, which monitors surface, social, deep, and dark websites for potentially exposed personal, identity and financial information and helps protect you against identity theft.

PowerSchool has provided a call centre to address questions regarding these services. If you have any questions or concerns about this notice, please call 833-918-7884, Monday through Friday, 8:00 am through 8:00 pm Central Time (excluding major US holidays). Please be prepared to provide engagement number B138905.

Should you have any questions for the Superior North Catholic District School Board about this notice, please do not hesitate to contact us at [email protected].