Jamestown Public Schools announced they were informed of a cybersecurity incident involving software used by the district.
PowerSchool informed the district on January 7 that they experienced a cybersecurity incident involving unauthorized access to certain PowerSchool student information systems. Jamestown Public Schools was among PowerSchool’s many worldwide clients affected. District officials attended a detailed debrief by PowerSchool about the data event to learn more information which will be released to JPS constituents as it becomes available.
According to PowerSchool, a threat actor used a compromised administrative PowerSchool credential belonging to a sub-contractor to access data stored in the global PowerSource management system. When PowerSchool became aware of the incident on December 28, 2024, they notified law enforcement, locked down the system and engaged the services of CrowdStrike (a cybersecurity company that develops software to help companies detect, prevent, and respond to cyberattacks) and Cyber Steward (a professional advisor with experience in negotiating with threat actors).
PowerSchool has notified JPS that the data accessed primarily includes student, parent, and staff contact information such as name, address, and phone numbers. JPS does not retain social security numbers in PowerSchool, and no financial information was included in the data event.
PowerSchool states that they have received “reasonable assurances from the threat actor that the data has been deleted and that no additional copies exist. We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination. We have a video confirming deletion and are actively searching the dark web to confirm.”
PowerSchool has stated that the incident is contained, and they have no evidence of malware or continued unauthorized activity in the PowerSchool environment. They are not experiencing, nor expect to experience, any operational disruption and they continue to provide services as normal to school districts.
PowerSchool has stated, “While we are unaware of and do not expect any actual or attempted misuse of personal information or any financial harm to impacted individuals as a result of this incident.”
Leave a Reply