Alabama school districts involved in data breach incident

WALKER COUNTY, Ala. (WBMA) — School districts in Alabama announced Wednesday they were involved in a cybersecurity incident.

Walker County Schools and Calhoun County Schools said the incident involved the provider of educational software, PowerSchool, used to collect student information.

School district officials said last month PowerSchool discovered unauthorized access to certain customer information through the PowerSource portal.

Calhoun County Schools says the system is state-mandated.

The Alabama State Department of Education (ALSDE) and Superintendent Eric Mackey said the breach was caused by the compromise of credentials providing access to certain customer records in a student information system managed by PowerSchool.

ALSDE added that the data breach was a direct attack on PowerSchool internationally and was not a cyberattack targeting ALSDE or any school system in Alabama.

According to the company, cybersecurity response protocols were immediately activated, including the involvement of law enforcement and external experts. PowerSchool stated that the incident has been contained and there is no evidence of malware or ongoing unauthorized activity, and PowerSchool continues to operate normally. The compromised credentials have been deactivated and the affected portal has been secured. This was not a denial of service attack. The data accessed primarily included family and teacher information, such as names and addresses, depending on the school district.

SEE ALSO: The Alabama Institute for the Deaf and Blind is the victim of a data breach
SEE ALSO: Chilton County Schools is dealing with district-wide internet and phone outages

The Alabama Institute for the Deaf and Blind he said this event also had an impact.

School districts said the data affected may include sensitive personal information such as names, addresses and email addresses. I might add that Social Security numbers were out of the question.

PowerSchool has reportedly deactivated the hacked credentials and is offering credit monitoring and identity protection services to some of the affected individuals.

PowerSchool assured that the incident has been contained and there is no evidence of ongoing unauthorized activity or operational disruption. The company also said the data was deleted and was not shared or made public “after obtaining reasonable assurances from the threat actor confirming its deletion.”

ALDSE said some students’ medical and grade information may have been affected. PowerSchool ensures that the data has been deleted and has not been shared or made public, . There were no operational disruptions. PowerSchool will offer credit monitoring and identity protection services to those whose sensitive data was breached. This may or may not include customers in Alabama because, again, we do not collect or maintain the most sensitive personal information, such as Social Security numbers.

School districts said they are working closely with PowerSchool to communicate with families, teachers and stakeholders.