the Recorder on March 20, 2025
MONTEREY — Former and current students and staff at Highland County Public Schools should be aware their personal data has been compromised through a program used by the district called PowerSchool.
Those impacted may receive an email from PowerSchool which states, “As you may know, PowerSchool provides software and services to your current or former school or the current or former school of a person to whom you are a parent or guardian. In compliance with state laws, we are writing to share with you some important information regarding a recent cybersecurity incident involving personal information belonging to the named individual.
“On Dec. 28, 2024, PowerSchool became aware of a cybersecurity incident involving unauthorized exfiltration of certain personal information from PowerSchool Student Information System (SIS) environments through one of our community-focused customer support portals, PowerSource,” according to the letter.
The following information may have been accessed: Name, contact information, date of birth, Social Security number, limited medical alert information, and other related information.
Gary Lane, technology director at the school, said the breech impacts those who attended or worked at HCPS from 2008 to the present time.
The letter said PowerSchool is offering two years of complimentary identity protection services to students and educators whose information was involved. For adult students and educators whose information was involved, this offer will also include two years of complimentary credit monitoring services. If your personal information was involved and you are interested in enrolling in credit monitoring or identity protection, follow the steps for either Option 1 over 18 or Option 2 under 18 at: www.powerschool.com/security/sis-incident/
“As soon as PowerSchool learned of the incident, PowerSchool engaged cybersecurity response protocols and mobilized senior leadership and third-party cybersecurity experts to conduct a forensic investigation of the scope of the incident and to monitor for signs of information misuse. We are not aware at this time of any identity theft attributable to this incident,” the letter states. “You are encouraged to remain vigilant against incidents of identity theft and fraud by reviewing account statements for suspicious activity. PowerSchool will never contact you by phone or email to request your personal or account information.”
If you have any questions or concerns, call PowerSchool at 833-918-9464, Monday through Friday, 8 a.m. to 8 p.m. central time.
Highland County Public Schools posted notices of the PowerSchool letter on its website and social media March 17 to alert current and former students and staff of a data breach.
Lane said data from all students and staff since 2008 was stolen in this hack. “It took all the graduated students, too — all of them,” Lane said. “The issue is, we don’t know how to contact them.”
Lane clarified that PowerSchool was hacked, and the hackers obtained valid sign-in credentials to get access to HCPS’s PowerSchool program. “We didn’t get hacked,” Lane said of the school’s network.
Lane said PowerSchool notified him of the breach on Jan. 7 and the school’s security company, Scinary, called him Jan. 8. He said PowerSchool was sending out emails to those students and staff for which the school has current email addresses.