Skip to Content
News

Some Southern Colorado school districts affected by data breach

MGN
By
January 13, 2025 5:29 PM
Published 5:57 PM

COLORADO SPRINGS, Colo. (KRDO) - Several Southern Colorado school districts have been affected by a data breach involving PowerSchool, an education technology software platform.

KRDO13 has reached out to many local school districts, some have gotten back to us, and some have not, at the time of this writing. Not all districts use PowerSchool.

District 49 provided the following statement:

"PowerSchool, the provider of School District 49’s student and workforce information management system, notified our district late this week that D49 is included in a significant breach of PowerSchool’s cybersecurity.  This is profoundly troubling news for D49, as we place the utmost importance on protecting student data. We are diligent in ensuring that student information is handled with care and security, and we are working closely with PowerSchool to monitor and address the situation.  District 49 is collaborating with our cybersecurity specialists and with PowerSchool to constrain the current breach and prevent future breaches while we ensure that PowerSchool provides appropriate protections and monitoring services to those affected by this event. 

The district said the following data was impacted:

  • Workforce Notification:  Name, Address (affected one person), Date of birth (DOB), Ethnicity, Gender, Work email and telephone number that the staff member released for weather alerts, PowerSchool/ PowerTeacher Pro login (only username), EDID (Educator Identification), Assigned school, Job Title
  • Parent Notification: Name, Addresses, Lunch Status, Date of birth (DOB), Medical Information, Ethnicity, Gender, Grade Level, Cumulative  GPA, Parent's information, including email and telephone number, Emergency contact information, including email and telephone number, PowerSchool login (only username)

The district also said, "While PowerSchool reports that student Social Security Numbers (SSN) were accessed during the breach, School District 49 has reassured parents that D49 does not record or store student SSN in our system, so there is no possibility that SSN from our stakeholders were accessed."

District 11 was impacted and is still working to clarify what data was compromised.

The district's senior executive director of IT provided the following:

"We are committed to keeping you informed about matters that impact our community. We were recently notified by PowerSchool, the vendor for our Student Information System (SIS), of a cybersecurity incident that affected certain information belonging to our students and teachers. While the investigation is ongoing, here is what we know so far:

  • On or about December 22, 2024, a PowerSchool contractor account was compromised and used to access some data related to our students and teachers. Notably, we did not store Social Security numbers in our SIS; therefore, no student or teacher Social Security numbers were impacted in connection with this incident.
  • User accounts, passwords, and other sensitive credentials were not compromised, and there is no need for staff to change passwords.
  • PowerSchool’s other systems, as well as all other District 11 systems, were not impacted by this incident.

PowerSchool has assured us that the situation is contained. They are working with leading cybersecurity professionals from CrowdStrike to conduct a thorough forensic analysis and ensure ongoing monitoring.

While PowerSchool continues to assess the full scope of this incident, we want to reassure you that the safety and security of our students, families, and staff remain our highest priority. We appreciate your patience and understanding as this investigation continues, and will provide updates as more details become available.

Thank you for your trust and understanding as we work through this situation.

A representative of Chavez Huerta Preparatory Academy (CHPA) in Pueblo provided the following statement:

"We have just recently found out about the data leak and awaiting more details from our PowerSchool account manager. I do know that we were assured a quick response and resolution of the incident via email. We haven’t received details of what data was leaked other than student/staff names, addresses, and demographic information.  I can say that we do not house Lunch status.  We house emergency contact phone numbers, no addresses, etc. and we do house the rest of the information you listed below, but no confirmation has been received by us from PowerSchool with details of the data in the leak."

The school also said that CHPA does not house identifiable information such as social security numbers, banking info, or credit information, and most of the data will be names and addresses.

The school said they do house the following information:

  • Student/Staff Names, addresses, and demographic information
  • Emergency contact phone numbers
  • DOBs, Student Medical Information, EDID, GPA, Staff Assigned Schools & Job Titles, Power school usernames, 

KRDO13 is still waiting to hear back from the following districts on whether they use PowerSchool and if they were impacted:

  • D70
  • D14
  • Canon City Schools

KRDO13 has confirmed the following districts were not impacted:

  • D20 - Does not use PowerSchool
  • D38 - Does not use PowerSchool
  • D2 - Does not use PowerSchool
  • D3 - Does not use PowerSchool
  • D8 - Does not use PowerSchool
  • D60 - Does not use PowerSchool
  • D12 - Does not use PowerSchool
  • Fremont School District Re-2 - Does not use PowerSchool
Article Topic Follows: News

Jump to comments ↓

Author Profile Photo

Tyler Dumas

Tyler is a Digital Content Producer for KRDO

BE PART OF THE CONVERSATION

KRDO NewsChannel 13 is committed to providing a forum for civil and constructive conversation.

Please keep your comments respectful and relevant. You can review our Community Guidelines by clicking here

If you would like to share a story idea, please submit it here.

Skip to content