PowerSchool Data Breach Update – Credit Monitoring and Identity Protection Details

Feb. 05, 2025


​​​​We have an update on the PowerSchool data breach and details about how to enroll in the credit monitoring and identity protection offered by PowerSchool. This breach has impacted many school boards across Canada and the United States.​

Please carefully review this information to understand how you may be affected to help determine your next steps.

W​​​hat Happened?

CBE was informed by PowerSchool on Jan. 7, 2025 of a cybersecurity incident involving the PowerSchool application, which is used for managing student information. We immediately began an internal investigation to determine the cause of the breach and assess what information may have been compromised. We continue to work with PowerSchool to understand the scope and extent of the breach.

Who was Im​​pacted?

Records of both current and former students and staff have been accessed. 

Students: The breach affects students who have been part of the CBE system at any time since September 2018, when CBE began using PowerSchool as its student information system. Additionally, historical student data from prior years was transferred into PowerSchool upon its launch, meaning that students who were part of the CBE system before September 2018 may also be impacted. 

We are actively working to identify the student data imported into PowerSchool from CBE’s prior student information system. 

Staff: The breach affects current and former staff who have been part of the CBE system at any time since September 2018, when PowerSchool was implemented. This includes t​eachers, administrative personnel, contractors and other employees whose information was entered into PowerSchool. 

We are actively working to identify staff data imported into PowerSchool from CBE’s prior systems to establish a clear timeline of historical staff who may have been impacted by the breach.

What Information was Impacted?

While our investigation continues, we have now confirmed with PowerSchool the types of personal information stored in PowerSchool that may have been accessed and acquired by an unauthorized user.

The staff information includes the following:

  • First, middle and last names
  • CBE employee numbers
  • School name codes
  • School addresses and phone numbers
  • Department and/or teaching specialty
  • CBE issued email addresses
  • In limited cases, home phone numbers and home addresses if entered into PowerSchool.

The student information includes the following:

  • First, middle and last names
  • Home address
  • Phone numbers
  • Date of birth
  • Gender
  • Grades
  • Alberta student ID number
  • CBE issued ID number
  • School names or school codes
  • In some cases, medical information such as allergies, medications, medical conditions, Alberta Health Care number, doctor contact information, data entered into “open text” fields on PowerSchool and/or supports, and information from the Guardian Alert field, used to communicate guardian information to teachers and other school staff in emergencies

Correction | In the Feb. 5 communication CBE issued email addresses were included in this list. Further investigation has determined these email addresses were not part of the breach.​

PowerSchool has reported that it does not expect the compromised data to be shared or made public. Additionally, PowerSchool believes the data has been deleted without any further replication or dissemination. Regardless, the CBE remains committed to addressing this incident and is actively collaborating with PowerSchool to strengthen safeguards and prevent similar occurrences in the future.

What Information was not Impacted?​

CBE does not store the following information in PowerSchool: 

  • Financial or banking information
  • Birth certificates
  • Drivers’ licenses
  • Immigration documents
  • ​Police information check letters 

Credit Monitoring and Identity Protection​​​​

PowerSchool has engaged TransUnion and Experian, trusted credit reporting agencies, to offer two years of complimentary identity protection for all students and staff whose information from the PowerSchool student information system was involved. 

Note | Parent names were not included in the breach. Only students and staff are eligible to register for these monitoring services. Credit monitoring services are only available those students ​who have reached the age of majority.

How can I access identity protection being offered by PowerSchool?​​​

  • Visit the Experian IdentityWorks website to enroll
  • Provide the activation code: MPRT987RFK
  • The deadline to enroll is May 30, 2025 (The code will not work after 11 AM MT on this date)
  • For questions about the product or help with enrolment, please email globalidworks@experian.com ​
How can I access credit monitoring being offered by PowerSchool?​​

PowerSchool is offering credit monitoring services to involved staff and students who have reached the age of majority in Alberta.

  • Visit PowerSchool's Canada Credit Monitoring page ​and click on the link to the validation website
  • Enter your first name, last name and year of birth
  • If your identity is validated, a pop up will appear that provides an activation code and provides you a link to TransUnion’s myTrueIdentity site to enroll

Where Can I Find the Latest Information?​​

The most up to date information is posted on the CBE website and we will continue to update it if more details become available. You may also check the PowerSchool website for updates on this incident.

Should you have any additional questions, please contact foip@cbe.ab.ca

​​

 Questions

Questions may be directed to:

or

The Office of the Information and Privacy Commissioner of Alberta

 Related Stories