The district sent information about the breach to parents on Wednesday, Jan. 15, through the Parent Square system.
Lindsey McDowell, the district’s public information and communications coordinator, wrote in an email to the Baker City Herald that the software company, PowerSchool, notified the district about the breach on Jan. 7, but the initial report was that the Baker School District wasn’t affected.
McDowell said the district learned later that the initial report was wrong, and that Baker was among the districts affected.
The district then sent out the notification through Parent Square.
The district has used PowerSchool software to maintain student records, including grades, since at least 2016.
McDowell said district officials are working with PowerSchool to figure out the types of records that could have been accessed illegally.
“No passwords or financial information was impacted by this incident,” according to the notice the district sent through Parent Square.
The types of records that might have been downloaded include names, student ID numbers, parent/guardian contact information, birthdates, dates of enrollment and reasons for a student leaving school, limited medical alert information such as allergies, and whether a student has an Individual Education Plan to address the students’ particular needs.
“Although PowerSchool has assured us that the risk of data dissemination or misuse is low, we remain vigilant and are leveraging all available resources to thoroughly assess the situation,” the district wrote in the notification through Parent Square.
“We recognize that incidents like this can cause significant concern, as protecting the privacy and security of personal information is a top priority. Please know that we are working with PowerSchool to better understand the scope of the cybersecurity incident and to ensure that appropriate measures are taken to safeguard the information. We will keep you informed of developments as they become available from PowerSchool.”
According to the district, PowerSchool discovered the breach on Dec. 28.
McDowell said she doesn’t know why the company didn’t notify the district until Jan. 7.
According to the district, someone used the account of a PowerSchool employee to access the data, which allowed “rapid access to and the downloading off millions of records from schools throughout the country between December 19 and December 24, 2024.”
PowerSchool has hired a cybersecurity firm to investigate the breach, according to the district.
“PowerSchool has implemented additional information security best practices requiring updated credentials for all employees, and restricting access to their support system tools,” the district wrote in its notification. “PowerSchool will also provide credit or identity monitoring services to those impacted depending on the nature of the personal information accessed.”
According to PowerSchool, its software is used in districts with a combined enrollment of 50 million students.
© 2025 the Baker City Herald (Baker City, Ore.). Distributed by Tribune Content Agency, LLC.
