What Happened?
In early January 2025, Elk Island Catholic Schools received notification from PowerSchool of a third-party's unauthorized access to its system. While that access was still active, the third party obtained information pertaining to hundreds of school divisions across North America, including EICS.
Related to EICS, information for current and past students and staff was obtained, dating back to 2008.
PowerSchool has engaged TransUnion and Experian to offer two years of complimentary identity protection services for all students and educators whose information from our PowerSchool was involved. Two years of complimentary credit monitoring services for all students and educators whose information was involved and who have reached the age of majority are also being offered.
For more information about those services, please visit this PowerSchool webpage.
Below are common questions and answers related to the incident, what information was obtained, and how people whose information was obtained can register for identity protection and creditor monitoring services.
Who is Affected by This Incident?
Current and former EICS students dating back to 2008 and current and former staff who had a PowerSchool account dating back to 2008.
What Student/Parent/Guardian Information Was Accessed?
The specific information that was accessed will vary by school division and for each individual. Generally, as it relates to EICS, the information that was accessed may include parent/guardian name, phone number, and/or email; and student name, grade, residential address, date of birth, and limited medical alert information. Financial information and account credentials were not compromised, and EICS does not collect student or parent/guardian Social Insurance Numbers.
What Staff Information Was Accessed?
Name and work email.
Was Financial Information Accessed?
No. This information is not stored on PowerSchool.
Were Social Insurance Numbers Accessed?
No. This information is not stored on PowerSchool. However, there are some situations where the number “000-00-000” is used in place of a real number. The presence of this fake number may cause PowerSchool to notify you that your real SIN has been obtained.
We have not populated new student, parent/guardian or staff records with fake SINs for a number of years now, and are leaving that information empty instead.
Were Photos Accessed?
No.
Were Personal Documents I Uploaded During the Registration Process Accessed?
No.
Do I Need to Reset my PowerSchool Username and Password?
No. This information was not included in the incident.
Was My Information Used?
PowerSchool is not aware of any identity theft that is attributable to this incident.
What Has Happened to the Information?
PowerSchool has also reassured us that the information that was obtained by unauthorized access has been deleted.
I Haven’t Received Any Emails from PowerSchool, TransUnion, or Experian.
Please check your spam/junk folder for the email there. Otherwise it's possible they have not yet not contacted you. Visit this page for details.
Are Former Staff and Students Also Being Contacted by PowerSchool, TransUnion, or Experian?
Former students and staff are being contacted through the email address PowerSchool has on file.
How Do I Register for Identity Protection?
Two years of complimentary identity protection services are being offered for all students and educators whose information was obtained through the PowerSchool cyber security breach.
Please visit this PowerSchool webpage for more information and instructions to sign up for these services. The deadline to register is May 30, 2025.
How Do I Register for Credit Monitoring?
Two years of complimentary credit monitoring services are being offered for all students and educators whose information was involved and who have reached the age of majority.
Please visit this PowerSchool webpage for more information and instructions to sign up for these services. The deadline to register is May 30, 2025.
Could EICS Have Prevented This Incident?
No. EICS routinely engages with third party vendors to provide services to support
schools and the education of students district wide. While EICS does our best to
ensure that the security services and privacy policy of third party vendors match our
desire to protect the information in our care, ultimately it is the responsibility of the
third party, in this case PowerSchool, to ensure that their environment is secure.
Is EICS Still Using PowerSchool?
Yes. PowerSchool has reassured us that their security has been upgraded to prevent this similar type of incident from occurring in the future.
Once our contract for PowerSchool to provide EICS with services nears an end, we reserve the right to explore all of our options, as we do with all third party vendors.
Will There Be Future Updates from EICS?
No further updates from EICS are anticipated at this time, but that could change if additional information needs to be shared.
Additional Information
If you have other questions related to this incident, please visit the PowerSchool website for other frequently asked questions and up-to-date information on the cybersecurity incident.