Data Breach Notice: Jan. 9 2025 ENG

Dear District 6 Families and Staff,

On Tuesday afternoon, January 7, 2025, our district was notified by PowerSchool about a recent data breach involving their Student Information System (PowerSchool SIS). This breach has affected schools globally, including Zion Elementary School District 6.

We understand that incidents like this can be alarming, especially when they involve the privacy and security of personal information. Please know that we are working closely with PowerSchool to understand the full extent of the breach and to ensure necessary measures are in place to protect our student and staff data. The details below summarize the current information regarding the incident and outline the steps being taken in response. We will provide additional updates as we receive more information.

Details of the Data Breach

PowerSchool discovered the data breach incident on December 28, 2024, identifying unauthorized access to their system between December 19 and December 24, 2024. The breach exploited a PowerSchool technical support employee’s account, allowing a threat actor to gain unauthorized access to download large amounts of customer data from schools worldwide.

On Wednesday, January 7th, PowerSchool held a webinar for affected schools, providing clarity on the current status of the breach. PowerSchool enacted cybersecurity protocols and mobilized a cross-functional response team. They have informed law enforcement and engaged CrowdStrike, a cybersecurity firm, to investigate the breach further. In addition, PowerSchool has enhanced its security protocols by updating credentials and restricting access to support tools.

Data elements that were accessed are identified below.

Students

• Name
• PowerSchool ID number and State ID Number
• Date of Birth
• Gender
• Parent/guardian contact information (name, mailing address, email address, phone number)
• Emergency contact contact information (phone number)
• Enrollment dates and withdrawal reasons
• Grade Point Average (GPA)
• Graduation year
• Limited medical alert information (e.g., allergies, life-threatening conditions)
• IEP and 504 status
• Free and reduced lunch status

Employees

• Name
• PowerSchool ID number
• Job Title
• Employee type
• Email address(es)
• Phone number(s)

Our Commitment To Data Security

While PowerSchool has indicated the likelihood of data misuse is low, we remain proactive in securing our systems and assessing the situation thoroughly. Our Technology Department has thoroughly examined our systems, verified configurations, and have taken additional actions including:

• Internal Audit: Conducted a thorough review of our data logs to determine the records accessed within our district, identifying 17,193 current and former students and 3,804 current and former employees from 2003 to present.
• Engagement: We have arranged dedicated time with our PowerSchool customer support representative to ensure focused, customized attention to this matter.
• Restricted Remote Access: Remote technical support access has been disabled to prevent incidents like this.
• Collaboration: Established communication with other affected districts and educational technology organizations to ensure a comprehensive response.
• Access To Updates: Details regarding this incident can be located on our district website under resources at www.zion6.org/alerttracker.

Steps Moving Forward

In line with the Student Online Personal Protection Act (SOPPA), we have prepared additional resources and contact information, which are available on our website at www.zion6.org/soppa-notices. A final report from PowerSchool is expected next week, which will offer more clarity on the breach and its implications.

We are committed to keeping you informed as we receive more updates from PowerSchool. As further details are disclosed, they will be communicated by email and posted on our Alter Tracker portal.

Sincerely,

Dr. Julious Lawson

Superintendent