Noblesville Schools among those hit by PowerSchool cybersecurity breach

By GREGG MONTGOMERY
WISH-TV | wishtv.com

Software that contains personal and private information about schoolchildren and teachers has been breached, and Indiana schools are affected.

Indiana Secretary of Education Katie Jenner in a newsletter sent to schools on Friday that the state Department of Education is aware of the breach and is “supporting affected schools by simplifying the reporting of this breach according to state statute.”

Indiana Office of Technology told News 8 on Friday that it didn’t have any insight into how many schools used PowerSchool.

PowerSchool serves schools in the United States and Canada. In a statement sent to News 8 on Thursday night, a PowerSchool spokesperson said it will provide “affected customers, families, and educators with the resources and support they may need as we work through this together.”

PowerSchool also says it discovered the “cybersecurity incident” on Dec. 28.

A spokesman for the North Carolina Department of Public Instruction says PowerSchool informed it of the cybersecurity breach about 2 p.m. Tuesday, according to information from CNN Newsource. PowerSchool told North Carolina officials that it discovered the breach Dec. 28 after the threat began Dec. 19.

Breaches have been reported in numerous schools across the United States.

In Indiana, Brownsburg Schools, Indianapolis Public Schools, and Noblesville Schools are among those affected, News 8 has learned.

Brownsburg says the national cybersecurity breach Wednesday night compromised data that could include students names, Social Security numbers, dates of birth, and contact information. “The Indiana Department of Education is filing a possible breach to the Indiana Office of Technology per state code,” the Brownsburg message said.

Noblesville’s message to families and staff said, “Unfortunately, some of our Noblesville Schools students and employee data was compromised as part of this breach.”

“This unauthorized access was not unique to Noblesville and could not have been prevented locally,” the Hamilton County school district’s message added.

PowerSchools website touts endorsements from Career Academy South Bend, and Hamilton Southeastern Schools’ Riverside Intermediate School in Fishers. Career Academy South Bend’s district data coordinator said in that endorsement, “PowerSchool has helped our school to navigate, direct, and help parents with their students to access grades, missing assignments, and notes from teachers. PowerSchool has also helped me as a new employee in the school district to revamp and make reports, conflicts, and daily functions become easy.”

Some cybersecurity experts nationally were recommending parents secure their children’s credit reports by requesting security freezes from each of the three national credit bureaus. Also, students and parents should change their passwords to PowerSchool.

Statement from PowerSchool

“On December 28, 2024, we became aware of a potential cybersecurity incident involving unauthorized access to certain PowerSchool SIS information through one of our community-focused customer portals, PowerSource. PowerSchool is not experiencing, nor expects to experience, any operational disruption and continues to provide services as normal to our customers.

“As soon as we learned of the incident, we immediately engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts.

“PowerSchool is committed to protecting the security and integrity of our applications. We take our responsibility to protect student data privacy and act responsibly as data processors extremely seriously.

“PowerSchool is committed to providing affected customers, families, and educators with the resources and support they may need as we work through this together.”

Statement from Indiana Secretary of Education Katie Jenner

“IDOE is aware of the nationwide data breach which has impacted some PowerSchool customers in Indiana and across the country. Because schools contract directly with PowerSchool, incident management is being handled by PowerSchool directly with their school customers.

“Our team has also spoken to and are committed to supporting affected schools by simplifying the reporting of this breach according to state statute. We appreciate your continued commitment to cybersecurity and want to make this process as seamless as possible. That is why technology leaders in affected schools will not need to fill out the typical data breach notification form on the Indiana Office of Technology’s (IOT) Local Government Services website and should instead reach out to Brad Hagg, IDOE’s Director of Educational Technology, who is coordinating information and will report this breach, on behalf of all impacted Indiana schools, to IOT.

“As with any data breach, impacted schools are encouraged to provide ongoing communication with parents and families as additional information becomes available. Schools should also consult with their legal counsel and notify their cybersecurity insurance provider, if applicable.”

This story was originally published by WISH-TV at wishtv.com/news/education/powerschool-cybersecurity-breach-indiana-january-2025.