Updated 1-9-2025

‍

PowerSchool Data Breach: Steps Schools and Families Should Take Now

A recent cybersecurity breach involving PowerSchool, a widely used cloud-based education platform, has impacted K-12 schools across North Dakota. This breach exposed sensitive student and staff information, highlighting the urgent need for stronger cybersecurity measures in schools.

New Information on the PowerSchool Breach

According to a recent update from North Dakota Information Technology (NDIT), access to PowerSchool has been temporarily restricted for users outside the state network (StageNet) as of 12:00 PM today. This measure was taken as a precaution while the scope of the incident is being evaluated. Users will need to be connected to the school network to access PowerSchool until further notice.

Key points from the latest update:

• The breach occurred through PowerSchool’s support portal (PowerSource) on December 28, 2024.
• PowerSchool confirmed that only specific users with certain system configurations may have been affected.
• Access to the affected portal has been secured, and third-party cybersecurity experts have been brought in.
• There is no evidence of malware or ongoing unauthorized activity.

Additional Technical Recommendations for Schools

As part of the response effort, a set of technical recommendations has been provided to ensure the security of PowerSchool and related systems:

1. Ensure Remote Support Security is Disabled: Verify that remote support security settings are properly disabled.
   • Go to System Management > Security > Security Management Settings and ensure the "disabled" radio box under remote support security is selected.
2. Update Active Directory Binding Passwords: If you bind Active Directory for user logins to PowerSchool, update the binding password. If the same account is used for other Active Directory services, update those as well.
   • Go to System Management > Security > Configure LDAP Directory to update the binding.
3. Reset Non-Active Directory User Passwords: If your PowerSchool accounts are not bound to Active Directory, reset passwords for all users.
   • You can change passwords one by one in the user access portal or set password rules to expire after a day.
   • Go to System Management > Security > Password Rules to manage settings.
4. Review Auto Comms and Auto Sends Settings: If you run any automated communications or sends, consider updating your SFTP server settings.
   • Go to System Management > Server > Plugin Configuration > Remote Connection Manager and review each item.
   • Double-check for any unauthorized new plugins.
5. Remove Social Security Numbers: Ensure there are no Social Security Numbers entered in the student or teacher data tables.
6. Verify New User Accounts: Check that no unauthorized new user accounts were created during the breach period.
7. Review and Deactivate Old Admin Accounts: Take this time to review all admin accounts and deactivate any that are no longer in use.
8. Stay Connected for Updates: External access to PowerSchool remains disabled at this time, and there is no ETA for when it will be restored. Continue to monitor communications from NDIT and EduTech for further guidance.

For more detailed guidance, consult the documentation provided by EduTech and NDIT: PowerSchool Breach Technical Guidance. Additional details and recommendations will be shared as more information becomes available.

Immediate Actions for Schools

To safeguard their networks and prevent future incidents, schools should take both immediate and long-term steps:

1. Conduct a Security Assessment

• Short-Term: Audit your IT infrastructure to find and fix any remaining vulnerabilities.
• Long-Term: Schedule regular third-party security assessments.

2. Strengthen Access Controls

• Enable Multi-Factor Authentication (MFA): Require MFA for all accounts, especially those with administrative access.
• Enforce Strong Passwords: Mandate complex passwords and regular password updates.

3. Update Incident Response Plans

• Develop a clear response plan for future breaches.
• Practice response drills with key staff to improve readiness.

4. Improve Data Backup and Recovery

• Backups: Ensure all critical data is backed up regularly and securely.
• Recovery Testing: Test your disaster recovery plan frequently.

5. Provide Cybersecurity Training

• Offer regular training on recognizing phishing attempts and safeguarding personal data.
• Use phishing simulations to improve staff awareness.

6. Communicate Transparently

• Keep parents, staff, and students informed with regular updates.
• Ensure communication is clear, timely, and consistent.

Advice for Parents, Teachers, and Students

Since personal data may have been exposed, families and staff need to take proactive steps:

1. Monitor Financial Information

• Review bank and credit card statements regularly.
• Parents should check their child’s credit report for any unusual activity.

2. Use Credit Monitoring Services

• Parents and teachers should consider identity protection services like LifeLock or those offered by major credit bureaus.
• These services can provide alerts on potential misuse of personal information, helping to mitigate the risk of identity theft.

3. Change Passwords

• Update all passwords for accounts connected to school systems.
• Use strong, unique passwords and enable MFA.

4. Watch for Phishing Scams and Targeted Attacks

• Be cautious with emails or messages requesting personal information.
• Educate students on how to recognize phishing attempts.
• Parents should be aware that children may be targeted for more sinister scams, such as identity theft, fraudulent loan applications, or exploitation attempts, using their breached data.
• Ensure open communication with children about online safety and report any suspicious activities to the authorities.

5. Freeze Credit for Minors

• Contact major credit bureaus to place a credit freeze on your child’s account.

Role of NDIT and EduTech

The North Dakota Information Technology Department (NDIT) and EduTech play key roles in hosting and securing PowerSchool. Both are actively working to contain and mitigate the breach. Schools should collaborate closely with these organizations while exploring additional security measures.

NDIT is providing guidance to districts on handling the breach, while EduTech continues to support the safe use of digital learning tools. Working together with trusted partners like Smart Computers can further enhance security.

How Smart Computers Supports Schools

Smart Computers, a trusted managed service provider (MSP), offers additional support to North Dakota schools by collaborating with NDIT and EduTech. We specialize in:

• Threat Detection and Response: 24/7 monitoring to detect and respond to threats in real-time.
• Endpoint Security: Protecting devices from malware and unauthorized access.
• Data Backup and Recovery: Ensuring quick recovery from potential data loss.
• Customized Cybersecurity Solutions: Tailoring strategies to meet the unique needs of each school district.
• Compliance Assistance: Helping schools stay compliant with regulations like FERPA.

Why Local Expertise Matters

Smart Computers works closely with NDIT and EduTech to offer localized, responsive support tailored to North Dakota schools. Our collaboration ensures that schools benefit from both the broad oversight provided by state-run services and the personalized care of a dedicated local partner.

Conclusion

North Dakota schools must act swiftly to strengthen their cybersecurity defenses in the wake of the PowerSchool breach. By taking proactive steps and partnering with trusted providers like Smart Computers, they can better protect sensitive data and prevent future incidents.

Parents, teachers, and students also play an essential role in minimizing risks. Monitoring personal information, using identity protection services, and staying alert to potential scams are crucial steps everyone can take.

For more information on how Smart Computers can assist your district, contact us today to schedule a consultation.

Sources

1. KFYR-TV - North Dakota IT officials respond to breach of cloud-based education provider
2. North Dakota Monitor - North Dakota K-12 schools affected by nationwide cyber breach
3. Lewis and Clark Public Schools - Public update on PowerSchool breach
4. Dickinson Public Schools - [DPS statement on PowerSchool breach]
5. NewsDakota - PowerSchool Breach Impacts Student and Teacher Data
6. Google Docs - PowerSchool Breach Technical Guidance

‍