Superintendent: Harwood district hit in PowerSchool data breach
January 10, 2025 | By Waterbury Roundabout The following communication was sent today from Harwood Unified Union School District Superintendent Mike Leichliter to families and staff regarding an investigation into a cybersecurity breach of the PowerSchool information platform used by the district’s schools.
The system manages student registration information, classes, grades, attendance, etc.
VTDigger has reported on this incident which state Agency of Education officials say has affected 39 school districts in Vermont. We share that report below the notification from the superintendent.
—————————————————
Dear HUUSD Community,
The Harwood Unified Union School District was notified this week by PowerSchool, our Student Information System (SIS) provider, that they became aware of a potential cybersecurity incident on December 28, 2024, involving school clients throughout the United States. PowerSchool indicated an unauthorized party gained access to certain PowerSchool Student Information System customer data using a compromised credential. Our District IT staff has officially verified that HUUSD data was accessed.
PowerSchool reported that it “engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts. We have also informed law enforcement.”
HUUSD is conducting an extensive internal audit and following up with PowerSchool to find out more information on how the District was affected and for more specific details on the incident.
As we receive more information, we will relay it to families, the community, and to any specific individuals impacted.
Best,
Michael G. Leichliter, Ed.D.
Superintendent of Schools, Harwood Unified Union School District
Nationwide data breach affects student, staff information at Vermont schools
By Corey McDonald | VtDiggerThe personal data of students and staff at several dozen Vermont school districts may have been compromised in a nationwide data breach of a student information system, according to state education officials.
PowerSchool, a California-based company that provides a student information system and cloud software used by 39 school districts in Vermont, told its customers on Tuesday that personal data of students, staff and faculty of school districts throughout the country were hacked, according to officials.
The company serves more than 75% of students in North America, according to a report from TechCrunch, and its software is used by roughly 16,000 customers to support more than 50 million students in the United States.
Schools use the software to manage student records, grades, attendance and enrollment.
It is unclear how many school districts in Vermont were affected by the data breach. Lindsey Hedges, a spokesperson for the state Agency of Education, said in an eChamplain Valley School District was among the affected districts. Adam Bunting, the district’s superintendent, said in a letter to families that “the Agency of Education is actively working with PowerSchool to determine the next steps.”
“We understand that the situation is concerning and will keep you informed as we learn more,” Bunting wrote in the letter.
In a phone interview, Bunting said PowerSchool informed the district that the breached personal information of faculty and staff mainly included things like contact information.
“The information, as far as we understand, does not include things like Social Security numbers,” he said. “The initial information we have is that it’s more about contact information.”
mail that not all of the 39 districts that use PowerSchool were affected, but noted that the agency “will continue to work with districts and remain in contact as the full impact of the incident unfolds.”
Student information, Bunting said, may include names, address, emails and birthdates.
A spokesperson for PowerSchool, Beth Keebler, said in an emailed statement that the company “is committed to protecting the security and integrity of our applications.”
“We take our responsibility to protect student data privacy and act responsibly as data processors extremely seriously,” the statement reads. “Our priority is to support our customers through this incident and to continue our unrelenting focus on data security.”
TechCrunch reported that hackers successfully breached the company’s school information system, and the company was made aware of the breach on or around December 28.
“As soon as we learned of the incident, we immediately engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts,” the company’s statement said.
The company said it does not anticipate the data being shared or made public.
Zoie Saunders, Vermont’s secretary of education, said in correspondence to superintendents of the affected districts that the impact of the breach may vary from district to district.
“We understand that this news may be concerning, but please be assured that the agency takes incidents involving student information very seriously and is committed to ensuring that all necessary measures are in place to safeguard it,” she wrote.
This story was originally posted on VtDigger.org on Jan. 8.