The NWT government says the number of students and staff whose information was exposed by a massive PowerSchool data breach remains unclear this week.
The breach, uncovered at the end of December and publicized earlier this month, involved someone using login credentials for PowerSchool – a type of software – to steal information related to schools across various countries.
PowerSchool has declined to confirm the number of schools and districts affected. The company has operations in more than 90 countries and says it serves more than 60 million students.
The GNWT has said data accessed by the attacker included information about students and staff at the Beaufort Delta Division Education Council, Dehcho Divisional Education Council, South Slave Divisional Education Council, Yellowknife Catholic Schools, and Yellowknife Education District No 1.
However, what hasn’t been apparent is which students and staff. Just the ones currently at schools in those districts, or students and staff who have since left the system as well?
Advertisement.
Advertisement.
After parents contacted us to ask about this, we questioned the NWT’s Department of Education, Culture and Employment about how much historical data the attacker had accessed.
On Tuesday, a spokesperson for the department said by email: “PowerSchool holds records for current and historical students and staff. However, at this time the extent of impacted data is still under investigation. Individuals impacted by the breach will be notified directly.”
Reports suggest decades of data were stolen from other jurisdictions where PowerSchool is used.
In Ontario, for example, data from Toronto public school students going back as far as 1985 is thought to have been accessed. The Ottawa Catholic School Board said its data going back to the 1990s was affected.
Advertisement.
Advertisement.
The GNWT has said data stolen includes names, mailing addresses, phone numbers and email addresses for students, parent, guardians and teachers, as well as student medical information.
PowerSchool is reported to have paid the attacker to delete the data, though it’s not clear if the company has any way to know with certainty if that deletion took place.
PowerSchool now says it is offering “two years of complimentary identity protection services for all students and educators whose information was involved,” as well as two years of “complimentary credit monitoring services for all adult students and educators whose information was involved.”
The company said credit reporting agency Experian will handle those services and will soon be in touch with affected customers and individuals.
More: PowerSchool’s page about the breach
“The GNWT takes this matter extremely seriously and we are committed to sharing facts as they are verified,” the ECE spokesperson said on Tuesday, promising more updates as PowerSchool’s investigation continues.
The department said any staff or families who would “like to connect with someone at the department” about the breach can do so by email.
