Canada’s privacy commissioner is communicating with PowerSchool after the software – used by schools across North America to store student data – was the subject of a high-profile data breach.
“The Office of the Privacy Commissioner of Canada is in contact PowerSchool to obtain more information about this breach and to determine next steps,” a spokesperson for Philippe Dufresne’s office wrote in an email to Global News.
The statement from Dufresne’s office comes after it was reported by the Canadian Press Several Canadian school boards are among those affected by the data breach.
Officials in Ontario, Alberta, Newfoundland and Labrador and Nova Scotia say they are working with PowerSchool to determine the extent of the breach.
The company behind the software says on its website that it determined that certain “personally identifiable information,” such as Social Security numbers and medical information, “was involved” in the breach. PowerSchool says it is working to identify whose data may have been leaked during the incident, which it said it learned about on December 28.
How can children be affected?
John Zabiuk, chair of the Northern Alberta Institute of Technology (NAIT Polytechnic) cybersecurity program, said if that information about children were to be leaked, “we want to make sure that there are no predators or anyone who wants to harm children using that (information).”
Receive the latest national news
For news affecting Canada and around the world, sign up for breaking news alerts sent directly to you as they happen.
Zabiuk warned that whether the leaked information concerns social security numbers or more basic information such as a name, phone number and date of birth, it could start the process towards the information being used by bad actors.
“As long as you have enough information to confirm that you are who you say you are, you can assume an identity,” he said.
He added that if a SIN was accessed, a person could use it to create an account in that student’s name and thus “effectively take over” someone’s financial life, which could lead to a student later discovers that he has bad credit.
A spokesperson for PowerSchool added that it was working “with urgency” to identify the specific individuals whose data may have been compromised and said that “the affected data varies in volume and sensitivity by school district.”
Zabiuk said that while it is not yet known to what extent students, staff or parents will be affected, the breach provides an opportunity for people to talk to their children about online safety.
“Let them know what kinds of things can happen and what they need to be aware of, in terms of maybe suddenly strange people are contacting them, receiving emails or things just seem weird,” he said.
Zabiuk added that PowerSchool will need to look at its architecture going forward to prevent future data breaches, saying the fact that one account gained access to multinational data is a problem.
According to information from PowerSchool, the data breach involved unauthorized access to certain data from the PowerSchool Student Information System (SIS) through PowerServe, one of the community-based customer portals.
The company says it communicated with its customers on January 7 and that customers who do not use PowerSchool SIS were not affected.
Some school boards have indicated which information was consulted, for example St. Albert public schools in Alberta that recorded names, dates of birth, phone numbers and addresses of accounts dating back to 2012 were exported, while others, such as the Toronto District School Board, said it was still working to determine what data could be accessed.
The Office of the Ontario Privacy Commissioner told Global News it had received reports of privacy breaches related to the incident from 19 school boards and was investigating the matter, but could not provide further information on what data may have been accessed, calling it “ very concerning” that sensitive data may have been exposed.
Edmonton Catholic Schools posted online a letter it received from PowerSchool indicating there had been an impact, with the Cape Breton-Victoria Regional Center for Education in Nova Scotia also saying it was part of the breach, but none both gave further details.
The company told Global News that it expects the majority of affected customers had not “exfiltrated” Social Security numbers or medical information, although it did not specify whether Canadian Social Security numbers had been accessed.
PowerSchool also says there is no evidence that credit card or banking information was involved.
—with files from The Canadian Press
© 2025 Global News, a division of Corus Entertainment Inc.
Source link
Canada,Tech,cyber attack,Data Breach,Powerschool , Strength school,cyber attack,Data breach,Canada,Technology , #Canadian #privacy #watchdog #contact #PowerSchool #student #data #hack #National, #Canadian #privacy #watchdog #contact #PowerSchool #student #data #hack #National, 1736983538, canadian-privacy-watchdog-in-contact-with-powerschool-over-student-data-hack-national