London Catholic school board says student, staff info compromised in widespread cyber attack
The Thames Valley District School Board said it is not affected by PowerSchool breach
The Catholic school board in the London area says the personal information of students and some staff has been exposed in a cyber attack that has impacted schools across the country.
The data breach involved PowerSchool, an application used to store a range of student information and some information about school-based staff. The company told school boards about the incident on Tuesday, noting the breach happened between Dec. 22 to 28, 2024.
The London District Catholic School Board (LDCSB) said Friday that an investigation has found its data was compromised, but said it has not been shared.
"PowerSchool has informed the LDCSB that it has received confirmation that the data accessed by an unauthorized user has been deleted and that no copies of this data were posted online," spokesperson Mark Adkinson said, adding that social insurance numbers and banking information is not stored in the system.
The Thames Valley District School Board, the largest in the region, does not use PowerSchool, a spokesperson said.
In an email, PowerSchool spokesperson Melissa Wenzel said the company consulted third-party cyber security experts in its response and PowerSchool does not "anticipate the data being shared or made public." The company is continuing to provide service as usual, she said.
The Information and Privacy Commissioner of Ontario has been notified.
Adkinson said the type of data affected is still not known, adding that people who were exposed will be notified by the board when more is known.
"We know this news may be concerning. Please know that we are doing everything possible to learn more from PowerSchool about what occurred, and we will update the LDCSB staff and families as more information becomes available," Adkinson said.
