Below you will find the initial updates sent out by the Nashoba Regional School District following PowerSchool's notice about a cybersecurity breach. To keep our community updated we will record community updates, additional information, and FAQs on our PowerSchool Cybersecurity Breach page.
January 10th, 2025 Update - Update #2
Dear Nashoba Community,
I wanted to provide the following update to the reports of a data breach involving PowerSchool, the district's student information vendor.
Here is the timeline of events as we understand them today:
On or about Dec. 19, hackers used a compromised credential to gain access to PowerSchool’s student information system. The hackers accessed and downloaded student and teacher database tables.
PowerSchool discovered the hack on Dec. 28. It immediately hired a third-party cybersecurity advisor to assist.
PowerSchool notified the District on Jan. 7.
PowerSchool has confirmed that the stolen data primarily contains directory information such as names, addresses, and phone numbers.
Through our Technology Department’s investigation we have determined that our data was downloaded on December 22nd, 2024, and that possibly impacted fields could include personally identifiable information like medical alerts, discipline alerts, and photographic releases. We are awaiting confirmation from PowerSchool to confirm the exact fields that were impacted and downloaded. We will continue to keep the community updated as we receive additional information via email and our district website.
PowerSchool has taken a number of measures to increase security, including mandating new passwords and instituting tighter password policies for its employees. PowerSchool also confirmed it hired CyberSteward to negotiate a ransom to the hackers to prevent public release of this information, although there was no demand to do so.
Our leadership team is in contact with PowerSchool and has attended webinars with company leaders to develop a deeper understanding of how and why this breach occurred.
We remain extremely concerned about this breach and the initial lack of transparency by PowerSchool. The company has promised to share a completed third-party investigation by the end of next week. We will use this review to guide our internal discussions regarding PowerSchool and the future security of the district’s personal information.
We are committed to providing regular updates as more information is available.
We understand this situation may cause concern. As always, please reach out to me with any questions.
This news post will be updated with all new communications regarding the PowerSchool Cybersecurity Breach. The most recent updates will appear at the top of the news posting, please scroll down for previous communications.
January 8th, 2025 Update - Update #1
Dear Nashoba Community,
On January 7th, the District was informed about a cybersecurity breach involving our student information system vendor, PowerSchool.
We have been told that hackers accessed PowerSchool SIS, which we use to manage student records, grades, attendance, and enrollment, using a compromised credential. PowerSchool has confirmed that the stolen data primarily contains contact details such as names and addresses.
While we have limited details at this time, we want to share the following letter from PowerSchool in the interest of full disclosure.
This news is extremely concerning, as we are entrusted with the security of private information. We will be providing more information as it is made available.
Thank you for your patience as we work to learn more about this situation.