PowerSchool Security Breach Credit Monitoring & FAQs

Posted On Wednesday March 26, 2025

We are writing to provide an update regarding the cyber incident involving PowerSchool’s Student Information System – the application used by Durham District School Board (DDSB) and many school boards across North America to store certain student and staff information. 

This incident has affected current and former students and staff. 

PowerSchool is offering two years of identity protection services at no cost, provided by Experian, a consumer credit reporting company, to students and educators whose information was involved. In addition, for students and educators whose data was affected and have reached the age of majority, PowerSchool is also offering two years of credit monitoring services provided by TransUnion at no cost. 

All students and educators, past and present, can sign up for Experian’s services. Only adults can sign up for TransUnion’s services. PowerSchool is not offering these services to parents, guardians or emergency contacts. 

Since the incident, PowerSchool has monitored for signs of information misuse. They have reported that they are not aware at this time of any identity theft attributable to this incident. We encourage those who are eligible to sign up for these complimentary services. 

PowerSchool has provided instructions for signing up for these services. For your convenience we have also copied the instructions below.  

Offer: Experian Identity Protection Services – Available to All Involved Students and Educators 

Enrolment Instructions for Experian IdentityWorks

Details Regarding Your Experian IdentityWorks Membership 

A credit card is not required for enrolment in Experian IdentityWorks. You can contact Experian immediately regarding any fraud issues, and have access to the following features once you enrol in Experian IdentityWorks:

  • Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.
  • Fraud Remediation Tips: Self-help tips are available on your member centre. 

Offer: TransUnion Credit Monitoring Services – Available to Involved Students and Educators Who have Reached the Age of Majority in their Applicable Province or Territory 

Enrolment Instructions for TransUnion myTrueIdentity 

  • Ensure that you enroll by May 30, 2025
  • Please visit http://www.powerschool.com/security/canada-credit-monitoring/. There you will find a link to the validation website, https://CaCreditMonitoringValidationPage-PowerSchool.com/, where you will be prompted to validate your information by entering your first name, last name and year of birth.
  • Once you validate, ensure you write down or screen shot the activation code provided, as once you leave the page, you will not be able to retrieve it again.
  • If your identity is validated, a pop up will appear that provides an activation code and provides you a link to TransUnion’s myTrueIdentity site to enroll.  

PowerSchool has provided a call centre to address questions regarding these services. If you have any questions or concerns about this notice, please call 833-918-7884, Monday through Friday, 8:00am through 8:00pm Central Time (excluding major US holidays). Please be prepared to provide engagement number B138905. 

Should you have any questions about this notice, please do not hesitate to contact us at powerschoolincident@ddsb.ca  

______________________________

January 20, 2025

We are writing to provide an update on the cyber incident involving PowerSchool’s Student Information System – the application used by Durham District School Board (DDSB) and many school boards across North America to store certain student and staff information.

This incident has affected current and former students and staff. 

What Happened

On January 7th, PowerSchool informed DDSB and other school boards, both nationally and internationally, that it had experienced a cyber incident, and that this incident affected DDSB. Since then, we have been working with PowerSchool and internal and external experts to determine the precise information that was affected.

PowerSchool has reported that it received confirmation that the data acquired by the unauthorized user was deleted and that the data was not posted online. Nevertheless, DDSB continues to take this incident very seriously, and is working with PowerSchool to ensure an incident like this does not happen again in the future.

What Information Was Affected

We have worked with PowerSchool to determine that the following information was affected:

For students enrolled at DDSB from 2006 to 2025, student name, address, home phone number, date of birth, gender, grade, parent/guardian name, and Ontario Education Number were part of the data affected. For most students, the data also included their doctor’s name, doctor’s phone number, emergency contact name and contact information, and school transfer information.

For a small minority of students, guardian email address, custodial arrangements, some medical alert information, and a yes or no indicator if a student has an individual education plan (IEP), were also impacted.

For a very limited number of students enrolled from 1997 to 2005, similar information was affected.

With respect to medical alert information, if you provided information to your child’s school about your child’s allergies, medical conditions or injuries when completing the start of school year forms, this information was included in the data that may have been accessed or acquired. Please note that medical information provided to or by members of DDSB’s Inclusive Student Services/Special Education team (e.g. Psychological Services, Audiologist, Speech-Language Pathologists, and Social Workers), such as information related to Individual Placement Review Committee decisions (IPRCs) and Individual Education Plans (IEPs), was stored in a separate database and was not impacted by this incident.

For teachers, administrators, school office staff, superintendents and department staff who worked at DDSB from 2013-2025 and who have access to the PowerSchool student information system, affected data includes employee name, DDSB username and employee number, Board email address, and job title. For a small number of staff, home address and home phone number were also impacted.

Staff who do not have access to the PowerSchool student information system were not affected by this cyber incident.

To be clear, DDSB does not store any Social Insurance Numbers, financial, or banking information in the PowerSchool Student Information System, so that information was not affected in any way.

The Board has notified and is working with the Ontario Information and Privacy Commissioner in responding to this incident. While you are entitled to file a complaint, the IPC has advised that it is not necessary as they are already investigating the matter. You can visit the IPC’s website at www.ipc.on.ca.

Where Can I Find the Latest Information?

We will continue to provide additional updates as we receive them. Frequently Asked Questions (FAQ) can be found below, and we will continue to update the FAQs with any new or relevant information. You can also view FAQs from PowerSchool on their website.

We also recognize that you may have questions about what has occurred. Should you have any questions, please contact powerschoolincident@ddsb.ca.

We appreciate your patience and understanding, and sincerely regret any concern this has caused you.

_______________________

Frequently Asked Questions - Updated March 26, 2025

What happened?

On December 28, 2024, PowerSchool, a third-party service provider used by the Durham District School Board (DDSB), became aware of a cybersecurity incident involving unauthorized access to certain PowerSchool Student Information System (SIS) information. 

On January 7, 2025, PowerSchool notified DDSB of the incident and that personal information of our students and educators may have been impacted.

What is PowerSchool?

PowerSchool is a software company utilized by many school boards internationally to store a range of student information and a limited amount of school-based staff information. 

Who was affected? 

Many public boards and private schools across North America who use PowerSchool SIS were affected by this incident. 

What data was accessed? 

We have worked with PowerSchool to determine that the following information was affected: 

For students enrolled at DDSB from 2006 to 2025, student name, address, home phone number, date of birth, gender, grade, parent/guardian name, and Ontario Education Number were part of the data affected.

For most students, the data also included their doctor’s name, doctor’s phone number, emergency contact name and contact information, and school transfer information.

For a small minority of students, guardian email address, custodial arrangements, some medical alert information, and a yes or no indicator if a student has an individual education plan (IEP), were also impacted. 

For a very limited number of students enrolled from 1997 to 2005, similar information was affected.

The following was NOT part of the data accessed:

  • No academic records were part of the data set.
  • Social insurance numbers, banking or financial information was not compromised.
  • Medical information provided to or by members of DDSB’s Inclusive Student Services/Special Education team (e.g. Psychological Services, Audiologist, Speech-Language Pathologists, and Social Workers) such as IEP or IRC information is stored in a separate database and was not impacted by this incident. 

DDSB Staff Information - all teachers, administrators, school office staff, superintendents and department staff who worked at DDSB from 2013-2025 and who have access to the PowerSchool SIS system:

  • Employee name
  • Employee number
  • Job title
  • DDSB username
  • DDSB email address

For a small number of teachers, administrators, school office staff, superintendents and department staff who worked at DDSB from 2013-2025 and who have access to the PowerSchool SIS system:

  • Home address
  • Home phone number 

Please note that sensitive educator information, like financial information, was not compromised. 

Other staff?

Staff who do not have access to the PowerSchool student information system were not affected by this cyber incident. 

What steps are you taking to prevent this from happening again? 

Following this incident, we are conducting a thorough review of our vendor retention practices and enhancing our protocols to ensure third-party providers meet best practices for data protection. We are committed to continuously improving our systems and processes to safeguard the privacy of our community. We have many measures in place to protect student, staff, and family data and will continue to implement industry best-practices and provide extensive training for our staff. As part of our commitment to digital transformation, DDSB is also adopting Microsoft Cloud Technologies to create a modern and secure technology ecosystem for our staff, and students. 

Where can I learn more about the incident? 

PowerSchool has posted an FAQ on their website to share information, which includes steps they have taken to address this incident and protect student, family and educator information moving forward.

Did the Board notify the Office of the Information and Privacy Commissioner? 

Yes, the Board has notified and is working with the Ontario Information and Privacy Commissioner in responding to this incident. While you are entitled to file a complaint, the IPC has advised that it is not necessary as they are already investigating the matter.

Was any credit card or banking information involved in this incident? 

No. Both PowerSchool and the Board’s own internal investigation can confirm that there is no evidence of any credit card or banking information being compromised.

Is there any indication that compromised information has been released? 

There is no evidence of the compromised information having been released at this time. 

Why were you keeping my student data if I was no longer enrolled in the board? 

We keep information about former students in accordance with provincial requirements under the Education Act and to respond to former student information requests. We are taking this opportunity to assess our records retention practices to ensure that we are only keeping what is necessary to conduct the Board’s business. 

I attended the DDSB many years ago. Was my information impacted? 

Our PowerSchool SIS stores data for students who attended a DDSB school from 2006-2025, with very limited students impacted attending DDSB schools between 1997-2005. If you were a DDSB student prior to this, your information was not impacted as part of this incident.

Is credit monitoring being provided? 

Yes. PowerSchool is offering two years of identity protection services, provided by Experian, a consumer credit reporting company, to students and educators whose information was involved. In addition, for students and educators whose data was affected and have reached the age of majority, PowerSchool is also offering two years of credit monitoring services provided by TransUnion at no cost. 

All students and educators, past and present, can sign up for Experian’s services. Only adults can sign up for TransUnion’s services. PowerSchool is not offering these services to parents, guardians or emergency contacts. 

Since the incident, PowerSchool has monitored for signs of information misuse. They have reported that they are not aware at this time of any identity theft attributable to this incident. We encourage those who are eligible to sign up for these complimentary services. 

PowerSchool has provided instructions for signing up for these services. For your convenience we have also copied the instructions below.  

Offer: Experian Identity Protection Services – Available to All Involved Students and Educators 

Enrolment Instructions for Experian IdentityWorks

  • Ensure that you enroll by July 31, 2025 (Your code will not work after this date at 5:59 UTC)
  • Visit the Experian IdentityWorks website to enroll: https://www.globalidworks.com/identity1
  • Provide your activation code: MPRT987RFK
  • For questions about the product or help with enrolment, please email globalidworks@experian.com

Details Regarding Your Experian IdentityWorks Membership 

A credit card is not required for enrolment in Experian IdentityWorks. You can contact Experian immediately regarding any fraud issues, and have access to the following features once you enroll in Experian IdentityWorks:

  • Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.
  • Fraud Remediation Tips: Self-help tips are available on your member centre. 

Offer: TransUnion Credit Monitoring Services – Available to Involved Students and Educators Who have Reached the Age of Majority in their Applicable Province or Territory 

Enrolment Instructions for TransUnion myTrueIdentity 

  • Ensure that you enroll by May 30, 2025
  • Please visit http://www.powerschool.com/security/canada-credit-monitoring/. There you will find a link to the validation website, https://CaCreditMonitoringValidationPage-PowerSchool.com/, where you will be prompted to validate your information by entering your first name, last name and year of birth.
  • Once you validate, ensure you write down or screen shot the activation code provided, as once you leave the page, you will not be able to retrieve it again.
  • If your identity is validated, a pop up will appear that provides an activation code and provides you a link to TransUnion’s myTrueIdentity site to enroll.  

PowerSchool has provided a call centre to address questions regarding these services. If you have any questions or concerns about this notice, please call 833-918-7884, Monday through Friday, 8:00am through 8:00pm Central Time (excluding major US holidays). Please be prepared to provide engagement number B138905. 

Should you have any questions about this notice, please do not hesitate to contact us at powerschoolincident@ddsb.ca   

Why is credit/identity monitoring not being offered to parents/guardians/emergency contacts? 

Parents/guardians/emergency contacts mostly did not have sensitive data affected. These services are being offered to those who had more than name and contact information included in the affected data set.

Can I opt-out of PowerSchool? 

Not at this time. DDSB is using this incident to review the information practices of all of its vendors. 

Is the Board changing vendors? 

Not at this time. 

Were all PowerSchool products impacted? 

No. Only PowerSchool SIS was impacted by this incident. Other PowerSchool tools were not impacted.

I have additional questions not addressed by these FAQs. 

A dedicated email address has been created where individuals can send any additional questions they may have. Please send any additional questions to powerschoolincident@ddsb.ca