Skip to main content

PowerSchool Notice (May 30, 2025)

image of a laptop computer sitting open on a wooden desk

Dear Brandon School Division Community,

As you may know, PowerSchool, a provider of Student Information Systems (SIS), recently experienced a cybersecurity incident. Like many school institutions across North America, we use PowerSchool for our SIS and thus were informed by PowerSchool that information stored by Brandon School Division in our SIS was involved in the incident. This includes personal information of students, parents/guardians, and educators. We have written to our community about this incident many times previously (see: PowerSchool Cybersecurity Event (Updated: May 5, 2025)). This webpage is intended for those who have not seen our previous communications. If you have seen our previous communications, you do not need to read this and can instead refer to our previous communications. 

PowerSchool has sent emails to students, parents/guardians, and educators whose information was involved in the incident. We understand from PowerSchool that the email was sent from one of the following similar email addresses: ps-sis-incident@mail.csid.com; ps-sis-incident@mail1.csid.com; or ps-sis-incident@mail2.csid.com. If you received an email from any one of these email addresses with the subject line “PowerSchool Cybersecurity Incident”, we have been assured by PowerSchool that it is a legitimate email. The email includes information about how to activate 2 years of identity protection and/or credit monitoring services offered. Please view: Example of PowerSchool Email.pdf to see an example of what the email from PowerSchool looks like, although there may be differences between it and the one you received.

Whether or not you received the email from PowerSchool, you may also visit PowerSchool’s website to learn how to activate the identity protection and/or credit monitoring services.  For those able to utilize credit monitoring services (anyone age 18 and over), you will be prompted to validate before activating by entering your name and date of birth. Anyone, including those under 18, can utilize the identity protection services. PowerSchool has advised that you can call 833-918-7884 if you have any questions.

Please review the email from PowerSchool carefully. It includes details about the incident and the information identified by PowerSchool as involved. In the email, PowerSchool explains that, on December 28, 2024, it became aware that it experienced a cybersecurity incident involving unauthorized access to and exfiltration (acquisition) of certain personal information from PowerSchool SIS environments. This occurred between around December 19 and December 28, 2024. PowerSchool also advised us that it has taken steps to try to prevent the information involved from further unauthorized access or misuse. 

You will see that PowerSchool includes in the email a description of some of the information that was potentially involved in the incident. The information involved varies by person. 

For students, the information involved will generally be limited to information parents/guardians provided Brandon School Division upon registration of their child as a student or any subsequent updates to that information. For many students, the information involved was name, date of birth, gender, ethnicity, phone number, address, MET number, school ID number, and/or enrolment/registration records as well as the parent/guardian’s name and phone number. For a small number of students, there was also Personal Health Information Number, relevant medical information (e.g., allergies), and/or relevant alerts (e.g., related to discipline, guardian, custody, or other issues).

For staff, the information involved was name, school contact information, and/or school ID number.

The email from PowerSchool also refers to Social Insurance Number (SIN) as potentially involved but should also include a statement if there is no evidence that your SIN was involved – please review the email carefully. Based on our own investigation of the information stored in our SIS, no parent/guardian, staff, or student SIN, banking, or credit card information was stored in our SIS and thus such information was NOT involved in the incident – the email from PowerSchool should thus say there is no evidence your SIN was involved.  PowerSchool has nevertheless offered identity protection and/or credit monitoring to all individuals with any information involved. We encourage you to sign up for the services offered by PowerSchool.

When we learned of the incident, we conducted an investigation with the assistance of experts and worked diligently to request details from PowerSchool. We also worked with other school divisions in Manitoba that are similarly impacted. We have been assured by PowerSchool that the incident has been contained. We took steps to confirm there was no ongoing threat and to reduce the risk of a similar future threat, including by confirming that PowerSchool: engaged its cybersecurity response protocols, engaged a cybersecurity expert to conduct a forensic investigation, deactivated a compromised account, conducted a full password reset, initiated enhanced processes for access, further strengthened password policies and controls, and notified law enforcement. We have also informed the Manitoba Ombudsman of the incident and have included additional information you can review by viewing: Steps You Can Take To Help Protect Personal Information.pdf.

Please find answers to some questions you may have by viewing: FAQ.pdf.  If you have any additional questions, they can be directed to Denis Labossiere, Secretary-Treasurer, at info@bsd.ca.

In Brandon School Division, we take cybersecurity and protecting information seriously. We sincerely regret that this incident occurred and thank you for your understanding.

BRANDON SCHOOL DIVISION
1031 – 6th Street | Brandon, MB | R7A 4K5
Web: www.bsd.ca | Email:  info@bsd.ca

 

Back to top