Freedom of Information and Protection of Privacy (FOIP)

PowerSchool Data Breach

On Jan. 7, 2025, PowerSchool notified the CBE and other school boards across Alberta and North America that a PowerSchool system had experienced a data breach in late December, 2024. The data breach involved CBE staff and student information. The protection of student and staff data is important to us and we are taking this security breach seriously. We remain committed to keeping staff and families informed, and updates will continue to be posted here as they become available.​​

Updated Feb. 5, 2025

This page has been updated to reflect new information obtained through CBE’s internal investigations and additional details provided by PowerSchool. Please see the FAQ below for more detailed responses to common questions regarding the data breach. The CBE is continuing to engage with PowerSchool in order to gather full, accurate details with respect to the breach incident; this engagement will be ongoing, as PowerSchool’s investigation continues and results are analyzed.

 Related News Stories

Feb. 05, 2025PowerSchool Data Breach Update – Credit Monitoring and Identity Protection Details
Jan. 23, 2025PowerSchool Breach Update - Complimentary Credit Monitoring
Jan. 09, 2025PowerSchool Data Breach

Frequently Asked Questions About the Data Breach

As new information is received, the FAQ below will continue to be updated.

Who was impacted?Added Feb. 5, 2025

Records of both current and former students and staff have been accessed.

Students: The breach affects students who have been part of the CBE system at any time since September 2018, when CBE began using PowerSchool as its student information system. Additionally, historical student data from prior years was transferred into PowerSchool upon its launch, meaning that students who were part of the CBE system before September 2018 may also be impacted.

We are actively working to identify the student data imported into PowerSchool from CBE’s prior student information system.

Staff: The breach affects current and former staff who have been part of the CBE system at any time since September 2018, when PowerSchool was implemented. This includes teachers, substitute teachers, administrative personnel, contractors and other employees whose information was entered into PowerSchool.​

What data was accessed?Revised Feb. 5, 2025

Student personal information, including:

  • First, middle and last names
  • Home address
  • Phone numbers
  • Date of birth
  • Gender
  • Grades
  • Alberta student ID number
  • CBE issued ID number
  • School names or school codes
  • In some cases, medical information such as allergies, medications, medical conditions, Alberta Health Care number, doctor contact information, data entered into “open text” fields on PowerSchool and/or supports, and information from the Guardian Alert field, used to communicate guardian information to teachers and other school staff in emergencies.

​Correction | In the Feb. 5 communication CBE issued email addresses were included in this list. Further investigation has determined these email addresses were not part of the breach.​

Staff information, including:

  • First, middle and last names
  • CBE employee numbers
  • School name codes
  • School addresses and phone numbers
  • Department and/or teaching specialty
  • CBE issued email addresses In limited cases, home phone numbers and home addresses if entered into PowerSchool.

How can I access identity monitoring being offered by PowerSchool? Revised Feb. 10, 2025

PowerSchool is offering two years of complimentary identity protection services, provided by Experian, to students and educators whose information was involved. A credit card is not required to enroll.​

Note | Parent names were not included in the breach. Only students and staff are eligible to register for this identity monitoring services. 

  • Visit the Experian IdentityWorks website to enroll: www.globalidworks.com/identity1
  • Provide the activation code: MPRT987RFK
  • The deadline to enroll is May 30, 2025 (The code will not work after 11 AM MT on this date)
  • For questions about the product or help with enrolment, please email globalidworks@experian.com

How can I access credit monitoring being offered by PowerSchool?Revised Feb. 10, 2025

PowerSchool if offering credit monitoring services to involved staff and students how have reached the age of majority in Alberta.

Note | Parent names were not included in the breach. Credit monitoring services are only available staff and those students who have reached the age of majority.​

I uploaded my personal documents. Have these been compromised?

Personal documents (i.e., birth certificates, drivers’ licenses, and immigration documents) uploaded for registration and police information checks are uploaded to SchoolEngage, not PowerSchool.

Was my Social Insurance Number (SIN) or my child's SIN compromised? Revised Feb. 5, 2025

As a practice, the CBE does not collect student or parent SINs or student Alberta Health Care (AHC) numbers. Out of an abundance of caution we will continue to review the data to confirm if there are any records that may contain information related to SIN or AHC.

What information is stored in PowerSchool?

PowerSchool includes student information such as names, birth dates, addresses and phone numbers, student ID numbers and medical and guardian notes. PowerSchool also stores staff names, contact information and ID numbers.

Was financial information compromised?

Based on the information provided by PowerSchool, financial information was not compromised. CBE does not store credit card or other financial information in PowerSchool.

Can I log into the parent portal and pay fees safely?Added Jan. 29, 2025

Yes. While the parent portal is available through PowerSchool, other portal functions like the fee payment system (Rycor) are separate and were not affected by the PowerSchool cybersecurity incident. All payment information is processed directly within Rycor, which operates independently of PowerSchool.

How did the unauthorized party gain access to PowerSchool?

More details of the breach can be found in the information shared by PowerSchool.

Can I still access PowerSchool?

Yes. PowerSchool is available for school and family use.

Should we change our passwords?

It’s good practice to change passwords regularly and not use the same password across different applications.

Is PowerSchool safe to use?

PowerSchool has taken steps to secure its systems and has assured us that the breach has been contained. CBE has taken additional measures to prevent third-party access.​

 Questions

Questions may be directed to:

or

The Office of the Information and Privacy Commissioner of Alberta

 
Last modified: 2/10/2025 11:05 AM
Website feedback: Webmaster
^