Good afternoon. Below is correspondence from PowerSchool on their response to the December Cybersecurity Incident:
Dear Valued Customers,
We sincerely appreciate your continued support as we respond to our recent cybersecurity incident. Since our last update, we have initiated the process of notifying involved individuals about the resources now available to them. As part of this process, we have posted a notice to our website. Credit monitoring and identity protection services are now activated and available.
In the coming weeks, Experian (on behalf of PowerSchool) will also be distributing direct email notifications to involved individuals for whom we have sufficient contact information. This email notice will include further information about the information of theirs involved and the resources PowerSchool is offering. Additionally, we have coordinated with Experian to set up a call center for your families and educators in case they have questions about these offerings.
As a reminder, PowerSchool is offering two years of complimentary identity protection services for all current and former students and educators whose information was determined to be involved. We are also offering two years of complimentary credit monitoring services for all adult students and educators whose information was determined to be involved. We are doing this regardless of whether an individual’s Social Security Number was exfiltrated.
We care deeply about keeping the students, families, and educators we support informed of this process. Please refer inquiring community members to the PowerSchool website for the latest information on the cybersecurity incident. We acknowledge the significance of this incident and are committed to emerging from it stronger and better equipped to serve you and the communities we share.
Sincerely,
Hardeep Gulati
Chief Executive Officer, PowerSchool
The following message was sent to families at 9:02am on January 28, 2025, via School Messenger
Good morning,
PowerSchool has informed our district that it will be sending information to individuals whose data was accessed during the cybersecurity incident that happened last month. According to PowerSchool:
In the coming days, PowerSchool will begin providing formal legal notice of the cybersecurity incident to current and former students (or their parents / guardians as applicable) and educators whose information was determined to be involved.
A direct email notification will be distributed by Experian on behalf of PowerSchool in the coming weeks to applicable current and former students (or their parents / guardians as applicable) and educators for whom we have sufficient contact information. PowerSchool will also launch a website and distribute a media release to ensure we reach as many involved individuals as possible and provide them with resources to protect their information. Importantly, these notices will include instructions for involved individuals on how to enroll in the credit monitoring and identity protection services that are being offered by PowerSchool.
For those former students and employees whose contact information in PowerSchool may not be current, PowerSchool will have a website and reach out via traditional and social media to facilitate contact with PowerSchool. This will allow those individuals to find out if their information was accessed and provide them with credit monitoring and identity protection services.
We will continue to update you as we receive more information from PowerSchool. All communications and updates regarding the PowerSchool cybersecurity breach can be found on our webpage (https://www.millisps.org/for_staff/power_school_data_breach). You may also directly access the PowerSchool webpage regarding the cybersecurity incident (https://www.powerschool.com/security/sis-incident/).
Bob Mullaney, Superintendent
The following message was sent to families at 5:38pm on January 8, 2025, via School Messenger
Good evening,
As my earlier message this morning noted, PowerSchool has informed us that an unauthorized party gained access to certain PowerSchool Student Information System (“SIS”) customer data using a compromised credential, and that Millis data may have been accessed. A large number of districts have been impacted and PowerSchool is still determining what may have been accessed in each affected district. At this point we don’t know how (or if) Millis has been impacted.
According to PowerSchool, it has “engaged our cybersecurity response protocols and mobilized a cross-functional response team, . . . and also informed law enforcement. . . .Importantly, the incident is contained, and we have no evidence of malware or continued unauthorized activity in the PowerSchool environment.” PowerSchool has indicated that: “We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination.”
PowerSchool has informed us that it will be providing credit monitoring to affected adults and identity protection services to affected minors in accordance with regulatory and contractual obligations. Again, at this time we don’t know if Millis has been affected to this degree.
Millis does not have direct confirmation that it has been impacted. PowerSchool sent a general notice to all districts. We are following up with PowerSchool to find out more information on how Millis was specifically affected and for more details on the incident. As we receive more information, we will relay this to families and the community and to any specific individuals impacted.
Thank you,
Bob Mullaney, Superintendent
The following message was sent to families at 10:27am on January 8, 2025, via School Messenger
Good morning,
We have been made aware that PowerSchool, our Student Information System provider, is currently investigating a recent data security incident and that it is likely that some student and staff information in our district has been affected. The potentially impacted data may include student and teacher information such as names, addresses, contact details, and grades as well as parent/guardian information. We are currently gathering more information about this incident and how it may have impacted our school community. A number of other districts in the state and country may have been affected as well and PowerSchool is working with all the districts potentially affected. We understand that data security incidents are concerning and we are committed to protecting the privacy of our students and staff. The school will provide further updates and recommendations on things families might do to mitigate the impact of the data breach as soon as more information becomes available.
The following message was sent to teachers at 10:26am on January 8, 2025, via internal email
Good morning,
We have been made aware that PowerSchool, our Student Information System provider, is currently investigating a recent data security incident and that it is likely that some student and staff information in our district has been affected. The potentially impacted data may include student and teacher information such as names, addresses, contact details, and grades as well as parent/guardian information.
We are currently gathering more information about this incident and how it may have impacted our school community. A number of other districts in the state and country may have been affected as well and PowerSchool is working with all the districts potentially affected. We understand that data security incidents are concerning and we are committed to protecting the privacy of our students and staff. We'll keep you informed and provide further updates and advice on things staff might do to mitigate the impact of the data breach as soon as more information becomes available. Ryan and his team have been in contact with PowerSchool and are working towards fully understanding what happened and what we might need to do
Thanks,
Bob