BROWNSBURG, Ind. — The Brownsburg Community School Corporation confirmed its student information system was accessed by an unauthorized user as part of a national data breach.
The school corporation confirmed in an email sent to families that thousands of school corporations had their data compromised following a breach of the PowerSchool SIS platform on Dec. 28, a K-12 software and cloud-based solutions provider.
“PowerSchool became aware of a potential cybersecurity incident involving unauthorized access to certain information through one of our community-focused customer support portals, PowerSource,” the company said. “Over the succeeding days, our investigation determined that an unauthorized party gained access to certain PowerSchool Student Information System (“SIS”) customer data using a compromised credential.”
PowerSchool provides solutions for K-12 schools and districts for over 60 million students and over 18,000 customers around the world. The company provides a platform to assist districts with enrollment, communication, attendance, staff management, learning systems and more.
PowerSchool added that the cybersecurity incident was contained and that the provider was not experiencing any operational disruptions. The provider confirmed that it followed proper protocol, which included deactivating the compromised credential and restricting access to the PowerSource portal, which was the source of the breach.
“Rest assured, we have taken all appropriate steps to prevent the data involved from further unauthorized access or misuse,” PowerSchool said. “We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination.”
The email sent by the Brownsburg Community School Corporation, which FOX59/CSB4 obtained Wednesday night, said the cybersecurity incident resulted in the theft of personal information belonging to students and teachers from thousands of school districts around the country, including in Brownsburg.
This data could include names, social security numbers, birthdates and contact information.
However, Brownsburg Community School Corporation noted that it does not store social security numbers for its students and parents in PowerSchool.
The school district said it was actively working with the FBI and PowerSchool to learn more about the circumstances that led to the data breach. The email added that this stolen information has likely been deleted.
“Working in cooperation with the FBI, PowerSchool has been given reasonable assurance that this information has been deleted by the unauthorized user,” the email said. “The Indiana Department of Education is filing a possible breach to the Indiana Office of Technology per state code. At this time, there isn’t any action to be taken on your part. We expect to get additional communication from PowerSchool and will share any important updates.”
