17 Comments

Just got an email from ETHS. They use eSchool, so no data stolen there.

Expand full comment

I suppose it may not have -technically- been ransomware, but I'd suggest that if you're paying ransom to a hacker group, no one really cares whether or not the data got encrypted as part of the attack.

Expand full comment

Yeah, I never understood people who pay ransom to the hackers for a promise to not distribute the data. I'm not sure I'd trust the honor of thieves.

Expand full comment

Late to this party. I got an email on March 6th about my child's data being part of this December 2024 breach. He used to attend SD74 in Lincolnwood and is in high school now, so I wasn't going on his old junior high's website to learn about this data breach from his old school. That was the only place SD74 was putting out any info so I had no idea my family's info was part of this until PowerSchool emailed me.

When I called SD74 to ask questions, the super and IT person called me right back and explained that PowerSchool refused to give them details about how far back or how many SD74 students' info was involved. Since SD74 has contracted with PowerSchool since 2004, they weren't able to effectively reach out to all alumni and families in the past 21 years. The school districts are in a hard spot between the EdTech powerhouses and the hackers, who frankly, give the impression that they are in full on cahoots or are at least kindred spirits.

I reached out to Rep. Olickal to ask him to co-sponsor HB 2696 so that SOPPA has actual teeth. He said he is going to co sponsor it, so that's something. IL Families for Public Schools has been a really great resource on this, in addition to this substack. So thank you to FOIA Gras.

Expand full comment

Woah! Your district has notification requirements to tell you!! You had to lean from ME?!

Expand full comment

LOL, I learned it from PowerSchool, but I learned the proper details from you, yes! Cool and yet....not cool!

Expand full comment

Wow D74 definitely should've notified you, they have a legal requirement

Expand full comment

Do you know if that is the case if my son is no longer a student there? As I mentioned, they don't know which student data was included in this breach going back to 2004. That is a lot of LWD families who should have been notified even if the kids involved weren't students at the time.

Expand full comment

District 65 bears some blame for using this tech in the first place. Why are they contracting with this company?

What does the software actually do that can’t be done in-house or by another vendor?

Expand full comment

I don't know how much blame I can give them since 199 out of 852 IL districts use this same vendor, including ones more well run. ETHS uses one called eSchool, which I suppose was a better decision.

Expand full comment

Per the email I received from ETHS, Powerschool actually owns eSchool. (email below).

Dear ETHS Students and Families,

We are aware of the recent data breach involving PowerSchool which has impacted schools both locally and nationwide. Evanston Township High School uses eSchool, a student information system owned by PowerSchool. We have confirmed with PowerSchool that our data was not affected by this incident.

The safety and security of our student records is a top priority. Though there is no evidence of impact to the District, ETHS remains proactive and vigilant in working closely with PowerSchool to monitor this matter and any further developments. We are actively communicating with PowerSchool to understand how this breach occurred and what measures are being implemented to prevent similar incidents in the future.

ETHS will notify students and families of any important updates as we receive them.

Thank you,

Mike Corcoran

Chief Technology Officer

Expand full comment

Wow they lucked out that Powerschool didnt integrate eschool into SIS

Expand full comment

I don’t know what to think about ETHS’s email - when I talked to some people over there on Wednesday they told me the grades and report cards were going to be posted late because they were having major I.T. Issues. Report cards did come out on Thursday so who knows if any of these issues were related or if the issues they were having were something completely unrelated.

Expand full comment

This is a little silly. It’s among the market leaders. D65 deserves a lot of blame for a lot of things but contracting with a market leader who has a data breach is not among them.

Expand full comment

"For all current and former D65 students in PowerSchool..." Is there any indication of how far back in time this goes?

Expand full comment

D65 has only been using PowerSchool since Fall ‘20.

Expand full comment

Thank you for this, I was trying to figure this out

Expand full comment