PowerSchool breach: Data of more LI school districts compromised, officials say
Glen Cove Senior High School on Dosoris Lane in Glen Cove. Credit: Newsday / Audrey C. Tiernan
At least six additional Long Island school districts were impacted by a nationwide data breach of a cloud-based software provider, potentially exposing the personal information of students and staff, according to district officials.
The Glen Cove, Hicksville, Jericho, Lynbrook, Middle Country Central and West Hempstead school districts alerted their communities last week that PowerSchool, the cloud-based software company, experienced what the company called a "cybersecurity incident" on Dec. 28.
The California-based company provides student information services to 18,000 customers and more than 60 million students worldwide, according to its website.
"This incident involved unauthorized access to our SIS [student information system] database," Glen Cove Superintendent Maria L. Rianna said in letter. "Please be assured no other systems have been impacted by this data breach."
The districts join a list of schools impacted affected by the breach, which may have affected hundreds around the country. Newsday previously reported that on Long Island the Massapequa, Smithtown Central and Uniondale school districts, as well as Nassau BOCES, were affected by the breach.
PowerSchool is known to store information such as names, addresses, emails, transcripts, phone numbers and medical records, district officials said.
The software company told Newsday on Sunday that "PowerSchool is not experiencing, nor does it expect to experience, any operational disruption and continues to provide services as normal to our customers. We have no evidence that other PowerSchool products were affected as a result of this incident."
An unauthorized party gained access to PowerSchool’s customer data through an employee’s compromised credentials, the company has told schools districts.
"We can confirm that the information accessed belongs to certain [student information system] customers and relates to families and educators, including those from your organization," the company wrote in a letter to affected school districts. "The unauthorized access point was isolated to our PowerSource portal. As the PowerSource portal only permits access to the SIS database, we can confirm no other PowerSchool products were affected as a result of this incident."
Some of the districts affected by the breach said they are working with their technology teams and PowerSchool to address the breach.
"The Hicksville Technology Department has established plans and procedures to address cyber incidents, including informing the Hicksville community," Hicksville Superintendent Theodore Fulton said in a letter. "We are committed to transparency and will continue to share information as it becomes available."
Some districts have required students and parents to reset PowerSchool passwords and stay vigilant of suspicious emails.
West Hempstead Superintendent Daniel Rehman said on the district website that PowerSchool "revoked compromised credentials, strengthened password policies and security measures, engaged external cybersecurity experts, notified law enforcement and continued investigating for evidence of data replication or public dissemination."
Jericho Superintendent Henry Grishman said Monday that the district’s technology department has "put in place protections for any further release information through PowerSchool."
"We’ve been reassured by PowerSchool that the breach has been corrected," he added.
Lynbrook school officials said in a letter that they were notified of the breach and will provide updates as they learn more about the incident.
With Joshua Needelman
