PowerSchool Cybersecurity Event (Updated)

Updated: February 20, 2025

Dear Brandon School Division Community,

We are aware that PowerSchool has begun sending out notices to students, parents/guardians, and educators whose information was involved in the cybersecurity incident it previously experienced. You may shortly receive this notice or may have already received it. We were advised previously that this notice will be sent by email from ps-sis-incident@mail.csid.com, which we mentioned in our previous communication.

We have now been advised that the notice may be sent by email from any one of the following similar email addresses:

• Ps-sis-incident@mail.csid.com 
• Ps-sis-incident@mail1.csid.com
• Ps-sis-incident@mail2.csid.com

If you receive or have received an email from any one of the email addresses mentioned above, we have been assured by PowerSchool that it is a legitimate email and not spam or phishing.

As mentioned previously, PowerSchool has also advised that you can call 833-918-7884 if you have any questions.

BRANDON SCHOOL DIVISION
1031 – 6th Street | Brandon, MB | R7A 4K5
Web: www.bsd.ca | Email:  info@bsd.ca

FREQUENTLY ASKED QUESTIONS

THE INCIDENT

What happened? 

On January 7, 2025, PowerSchool informed Brandon School Division that it had experienced a cybersecurity incident involving unauthorized access to certain customer information in late December 2024. Brandon School Division is a customer of PowerSchool, like many other educational institutions across North America. PowerSchool provides a Student Information System (SIS).  

PowerSchool also informed us that the unauthorized access included access to information related to Brandon School Division. PowerSchool will be notifying individuals by email and we understand the email will be sent from ps-sis-incident@mail.csid.com. We understand these emails will be sent by PowerSchool in the coming weeks. 

Whether or not you receive an email, you may also visit PowerSchool’s website to learn how to activate the identity protection and/or credit monitoring services.  The PowerSchool website also includes information in French.  Anyone, including those under 18, can utilize the identity protection services. You may not be able to access the credit monitoring services immediately, as PowerSchool is still updating its list of eligible individuals. PowerSchool indicated that its updates should be completed by the end of February. PowerSchool has advised that you can call 833-918-7884 if you have any questions.

We have been informed that PowerSchool has contained the incident and that there is no evidence of malware or continued unauthorized activity in the PowerSchool environment. There have been no operational impacts on Brandon School Division as a result of this incident. 

Who did this and for what purpose?

This incident occurred at PowerSchool. We await additional details about the incident from PowerSchool. Unfortunately, organizations across the public and private sectors are increasingly being impacted by incidents like this. 

How did you respond to the incident? 

Upon becoming aware of the cybersecurity incident, Brandon School Division has been working diligently to investigate, to request more details from PowerSchool and ask questions about the details it has provided to date. We have also been investigating this incident ourselves, with assistance from experts.  We continue to work diligently to request more details from PowerSchool and ask questions about the details it has provided to date.

PowerSchool has informed us that it has taken various response actions, including containing the incident, informing law enforcement, investigating the incident, conducting a full internal password reset, and tightening password for all its internal accounts.

PowerSchool is in the process of notifying Canadian regulators about this incident. (Brandon School Division has already notified the Manitoba Ombudsman.)  PowerSchool will be notifying individuals by email and we understand the email will be sent from ps-sis-incident@mail.csid.com. We understand these emails will be sent by PowerSchool in the coming weeks. Whether or not you receive an email, you may also visit PowerSchool’s website to learn how to activate the identity protection and/or credit monitoring services.  The PowerSchool website also includes information in French.  Anyone, including those under 18, can utilize the identity protection services. You may not be able to access the credit monitoring services immediately, as PowerSchool is still updating its list of eligible individuals. PowerSchool indicated that its updates should be completed by the end of February. PowerSchool has advised that you can call 833-918-7884 if you have any questions.

How long will the investigation take? 

PowerSchool has advised it intends to provide additional details shortly. Once we have additional details from PowerSchool, we will seek to complete our investigation as quickly as possible.

Has the incident been resolved? 

We have been informed that PowerSchool has contained the incident and that there is no evidence of malware or continued unauthorized activity in the PowerSchool environment. There have been no operational impacts on Brandon School Division as a result of this incident.

THE RESPONSE

Has law enforcement been notified?

Yes, PowerSchool has advised us that it has notified law enforcement.

Has the Manitoba Ombudsman been advised?

Yes, the Manitoba Ombudsman has been advised.

THE IMPACT

Why did this happen to Brandon School Division?

PowerSchool is a vendor used by many educational institutions in North America. We are a customer of PowerSchool and, as a result of the incident experienced by PowerSchool, we were impacted. We have no reason to believe that Brandon School Division was a specific target in this incident. 

THE DATA

Has information been accessed? Was information from Brandon School Division exposed?

PowerSchool confirmed that there was unauthorized access to certain PowerSchool customer data, including data related to Brandon School Division. PowerSchool’s investigation is ongoing and we await additional details from PowerSchool. 

Based on our own investigation to date of the information stored in our SIS, we can advise that no parent/guardian, staff, or student Social Insurance Number (SIN), banking, or credit card information has been identified as stored in our SIS.  PowerSchool has nevertheless advised us that the identity protection and credit monitoring offers mentioned above will be sent to all individuals with any information involved.