(Update: Info from PowerSchool)

MADRAS, Ore. (KTVZ) – PowerSchool, the student information system used by Jefferson County School District 509J, was hit by a recent cyberattack in which personal files may have been accessed, officials said.

Here is the full statement shared Thursday with school district staff and students’ families, two days after PowerSchool notified the district about the incident:

PowerSchool Cybersecurity Incident

Dear JCSD 509J Community,

Our student information system provider, PowerSchool, has notified our IT Department that JCSD 509J was among PowerSchool’s many worldwide clients whose data may have been accessed during a cybersecurity incident. They became aware of the incident on December 28, 2024.

In light of this disclosure, our IT Department researched access to our system and has confirmed that an unauthorized access to our system occurred on December 22, 2024 via a compromised PowerSchool support account. We are awaiting more information from PowerSchool as the investigation continues; however, we want to ensure our community is aware this is an ongoing situation that is being investigated at this time.

What happened?

According to PowerSchool, an attacker used a compromised credential to access the support system in their PowerSource portal. When PowerSchool became aware of the incident, they notified law enforcement, locked down the system and engaged the services of CyberSteward, a professional advisor with experience in negotiating with threat actors. PowerSchool states that they have received “reasonable assurances from the threat actor that the data has been deleted and that no additional copies exist.”

What data could have been accessed?

JCSD is working with PowerSchool to learn more about what specifically may have been impacted.

Initial information from PowerSchool indicates that Personally Identifiable Information (PII) for staff and students may have been accessed for some districts. This may include contact information, including names and addresses, some life-safety health and grade information for current and former students, and parent/guardian names and addresses. Information for current and former staff members may also be included.

Once PowerSchool confirms the information from JCSD that may have been accessed, we will work with them to ensure that any impacted individuals are notified and that appropriate next steps are taken.

What happens next?

PowerSchool has stated, “While we are unaware of and do not expect any actual or attempted misuse of personal information or any financial harm to impacted individuals as a result of this incident, PowerSchool will be providing credit monitoring to affected adults and identity protection services to affected minors in accordance with regulatory and contractual obligations.”

While PowerSchool is responsible for this incident and its impact, JCSD will be implementing our cyber incident procedures as well as working directly with PowerSchool to direct our further response. Cybersecurity provider CrowdStrike is also working directly with PowerSchool to investigate the incident and anticipates a full report will be available around January 17.

Who can I contact with questions and concerns?

We anticipate PowerSchool will be providing impacted individuals with resources for additional information, which we will share at that time.

JCSD is committed to protecting our student, staff and family data and will continue to communicate about this incident as new information is available.  We will update this page as we receive materials and information from PowerSchool.

Resources

Resources will be available here as we receive them from PowerSchool.

--

PowerSchool provided this update on Monday:

https://www.powerschool.com/security/sis-incident