The software, used by numerous schools for student and staff information and data, was affected by a breach discovered on Dec. 28 involving “unauthorized access to certain PowerSchool SIS information through one of our community-focused customer portals, PowerSource,” PowerSchool said in a statement.
School systems in Connecticut that were affected by the cybersecurity attack include Montville and Wallingford, as well as the Region 1 and Region 16 School Districts, school officials said in statements to the community. Officials with the Cromwell and Newington school systems said they were notified by PowerSchool that their student and staff data may have also been compromised.
Most school communities said they were notified of the breach on Tuesday.
“PowerSchool has not yet provided a list of impacted students and/or employees to the Board of Education,” Wallingford school officials wrote in a statement. “If you or your child has been affected by this incident, we will contact you directly via email with additional information.”
According to the Region 1 School District, the issue affected schools “locally, nationally and internationally.”
Officials with Regional School District 16 said the breach involved an “unauthorized party” that “gained access to certain SIS customer data, including Region 16 data, through a compromised credential in PowerSchool’s customer support portal.”
“PowerSchool does not anticipate the data being shared or made public, and they believe that it has been deleted without any further replication or dissemination,” Region 16 officials wrote.
“Newington Public Schools has been informed that some information may have been compromised in a potential breach of the PowerSchool Student Information System,” Newington school officials said in a statement. “The system contains student and staff data that is housed off-site.
“PowerSchool is actively investigating the causes and extent of the breach, and we will share updates with you as we receive them,” Newington officials added. “At this time, PowerSchool reports that the data has been deleted and that no additional copies exist.”
PowerSchool officials said once the company learned of the breach they “immediately engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts.”
“PowerSchool is committed to protecting the security and integrity of our applications,” the company said in a statement. “We take our responsibility to protect student data privacy and act responsibly as data processors extremely seriously. Our priority is to support our customers through this incident and to continue our unrelenting focus on data security.
“PowerSchool is not experiencing, nor expects to experience, any operational disruption and continues to provide services as normal to our customers,” PowerSchool officials wrote.
According to the Region 16 School District, PowerSchool contracted a third-party to assist with the breach. An incident report is expected to be completed by Jan. 17.
©2025 Hartford Courant. Visit courant.com. Distributed by Tribune Content Agency, LLC.
