PowerSchool, the company that provides our student information management system, notified school districts across the country on January 7 of a data breach as a result of a cybersecurity incident on December 28. It is important to note that this breach occurred within PowerSchool’s hosted environment, not within the USD 497 district network. The company shared that an unauthorized party gained access to its data using a compromised credential and remote access to account information. According to PowerSchool, the breach is now contained but may have affected personally identifiable information of school district employees and/or students and families nationally and internationally.
Following PowerSchool’s instructions, our technology data team performed an initial audit of our server logs to determine if our local data had been compromised. This audit indicated that our local data was not accessed or exported as a result of the breach. A member of our team described it this way, “an unauthorized account knocked on our door, but could not get in.” While we are reassured by the strength of our district’s network and its ability to protect our data, we continue to work with PowerSchool to verify our findings, learn more about this incident, and to demand assurances from PowerSchool that the company has implemented the necessary security measures to prevent anything like this in the future.
We expect and rely on this platform to safeguard our data and this incident does not hold to our high level of expectations. Lawrence Public Schools takes seriously our responsibilities to protect the privacy of your personal information. This breach of PowerSchool’s data security not only violates our expectations for district vendors, it violates board policy and Kansas law. You may be interested to read further in this EdWeek article, published yesterday. We greatly appreciate your patience as we continue to investigate and work with PowerSchool to verify our initial findings that our local data was not compromised. As we receive additional details from PowerSchool about any impacts of this breach, we will communicate this information directly with parents, guardians, and employees.
