Dear SPS Community:
Today, we were notified by PowerSchool, the student information system used by our District and many others across the country, of a cybersecurity incident affecting their systems. PowerSchool has informed us that this incident involves unauthorized access to their data systems nationwide.
We want to share what we know at this moment, given the potential significance and reach of this incident. At this time, PowerSchool has indicated this is a nationwide issue, but we are awaiting further clarification whether there is any local impact. PowerSchool has assured its customers that the incident has been contained, and there is no evidence of continued unauthorized activity.
This afternoon we will participate in a webinar hosted by PowerSchool’s senior executives, during which they will provide PowerSchool’s customers with more information about the incident and their response. We are committed to fully understanding the situation.
As soon as we have additional information from the webinar and further guidance from PowerSchool, we will provide you with an update. Our priority is to ensure transparency and to take any necessary steps to protect the information entrusted to our systems.
We understand the concern this may cause and appreciate your patience and understanding as we navigate this situation. Please know that we take the security of student and family data very seriously and will do everything we can to keep you informed.
Thank you for your attention, understanding, and support.
David Ljungberg, Superintendent
Stoneham Public Schools
January 10, 2025
Dear SPS Families and Staff:
As I previously communicated, on Tuesday, January 7 we were informed about a national/worldwide cybersecurity incident that occurred in late December involving our student information system (SIS) provider, PowerSchool. PowerSchool confirmed student and staff information from across the country and Canada had been accessed by an unauthorized user.
We engaged in a conference call with PowerSchool late afternoon on January 8 to get specific details about our data. We have confirmed the following:
The issue was caused by compromised credentials of a PowerSchool employee that allowed access to their national customer support platform.
The PowerSchool support platform is operated and managed by PowerSchool, not the Stoneham Public Schools.
Most of the information obtained was Directory information. Directory information includes names, addresses, and emails that are not protected by state and federal student records laws and regulations.
Our Technology staff was able to audit our internal records and located the specific files that were accessed. Our own internal assessment found that, in addition to the Directory information for all students and staff previously disclosed, there were specific instances where sensitive student information was accessed that is protected by state and federal student records laws and regulations. There was no protected staff information disclosed.
Specifically, our team identified the following instances of protected student information of current and former students having been disclosed:
Medical Alerts: Current students that have a medical condition have an alert placed in PowerSchool. The alert does not specify what the actual medical condition is. The alert simply says "see nurse." These alerts are used so that staff know they should see the school nurse for specific medical information, such as for a life-threatening food allergy.
Custody and Court-related Alerts: For some students who have a custody alert, the alert includes information such as custody agreements, restraining orders, and other legal information which stipulate how our schools may communicate with families.
If your child had protected information noted above that was compromised as part of this data breach, we will notify you early next week of the specific category of information through a separate email. This email will be specific to your child and provide contact information in the event you want to follow up directly with school staff.
Please know that as a practice we do not collect certain sensitive information such as social security numbers or immigration status, so this information is not part of our information systems. Additionally, most of a student’s medical information is kept separately in a secured system outside of PowerSchool.
PowerSchool has reported that they have taken measures to curtail further breaches.
What action you need to take: All staff and families should reset their passwords for added account security. User passwords were not part of the data compromised in the breach; however, out of an abundance of caution, we are requesting that all staff and families reset their passwords for their PowerSchool accounts. To reset your password, log in to the portal, select account preferences, and edit your password:
This news and the delay in which the security breach was reported to us are extremely concerning. Our goal in this process has been to address the issue with the greatest transparency possible.
Sincerely,
David Ljungberg
Superintendent of Schools