I suppose it may not have -technically- been ransomware, but I'd suggest that if you're paying ransom to a hacker group, no one really cares whether or not the data got encrypted as part of the attack.
Late to this party. I got an email on March 6th about my child's data being part of this December 2024 breach. He used to attend SD74 in Lincolnwood and is in high school now, so I wasn't going on his old junior high's website to learn about this data breach from his old school. That was the only place SD74 was putting out any info so I had no idea my family's info was part of this until PowerSchool emailed me.
When I called SD74 to ask questions, the super and IT person called me right back and explained that PowerSchool refused to give them details about how far back or how many SD74 students' info was involved. Since SD74 has contracted with PowerSchool since 2004, they weren't able to effectively reach out to all alumni and families in the past 21 years. The school districts are in a hard spot between the EdTech powerhouses and the hackers, who frankly, give the impression that they are in full on cahoots or are at least kindred spirits.
I reached out to Rep. Olickal to ask him to co-sponsor HB 2696 so that SOPPA has actual teeth. He said he is going to co sponsor it, so that's something. IL Families for Public Schools has been a really great resource on this, in addition to this substack. So thank you to FOIA Gras.
Do you know if that is the case if my son is no longer a student there? As I mentioned, they don't know which student data was included in this breach going back to 2004. That is a lot of LWD families who should have been notified even if the kids involved weren't students at the time.
I don't know how much blame I can give them since 199 out of 852 IL districts use this same vendor, including ones more well run. ETHS uses one called eSchool, which I suppose was a better decision.
Per the email I received from ETHS, Powerschool actually owns eSchool. (email below).
Dear ETHS Students and Families,
We are aware of the recent data breach involving PowerSchool which has impacted schools both locally and nationwide. Evanston Township High School uses eSchool, a student information system owned by PowerSchool. We have confirmed with PowerSchool that our data was not affected by this incident.
The safety and security of our student records is a top priority. Though there is no evidence of impact to the District, ETHS remains proactive and vigilant in working closely with PowerSchool to monitor this matter and any further developments. We are actively communicating with PowerSchool to understand how this breach occurred and what measures are being implemented to prevent similar incidents in the future.
ETHS will notify students and families of any important updates as we receive them.
I don’t know what to think about ETHS’s email - when I talked to some people over there on Wednesday they told me the grades and report cards were going to be posted late because they were having major I.T. Issues. Report cards did come out on Thursday so who knows if any of these issues were related or if the issues they were having were something completely unrelated.
This is a little silly. It’s among the market leaders. D65 deserves a lot of blame for a lot of things but contracting with a market leader who has a data breach is not among them.
Just got an email from ETHS. They use eSchool, so no data stolen there.
I suppose it may not have -technically- been ransomware, but I'd suggest that if you're paying ransom to a hacker group, no one really cares whether or not the data got encrypted as part of the attack.
Yeah, I never understood people who pay ransom to the hackers for a promise to not distribute the data. I'm not sure I'd trust the honor of thieves.
Late to this party. I got an email on March 6th about my child's data being part of this December 2024 breach. He used to attend SD74 in Lincolnwood and is in high school now, so I wasn't going on his old junior high's website to learn about this data breach from his old school. That was the only place SD74 was putting out any info so I had no idea my family's info was part of this until PowerSchool emailed me.
When I called SD74 to ask questions, the super and IT person called me right back and explained that PowerSchool refused to give them details about how far back or how many SD74 students' info was involved. Since SD74 has contracted with PowerSchool since 2004, they weren't able to effectively reach out to all alumni and families in the past 21 years. The school districts are in a hard spot between the EdTech powerhouses and the hackers, who frankly, give the impression that they are in full on cahoots or are at least kindred spirits.
I reached out to Rep. Olickal to ask him to co-sponsor HB 2696 so that SOPPA has actual teeth. He said he is going to co sponsor it, so that's something. IL Families for Public Schools has been a really great resource on this, in addition to this substack. So thank you to FOIA Gras.
Woah! Your district has notification requirements to tell you!! You had to lean from ME?!
LOL, I learned it from PowerSchool, but I learned the proper details from you, yes! Cool and yet....not cool!
Wow D74 definitely should've notified you, they have a legal requirement
Do you know if that is the case if my son is no longer a student there? As I mentioned, they don't know which student data was included in this breach going back to 2004. That is a lot of LWD families who should have been notified even if the kids involved weren't students at the time.
District 65 bears some blame for using this tech in the first place. Why are they contracting with this company?
What does the software actually do that can’t be done in-house or by another vendor?
I don't know how much blame I can give them since 199 out of 852 IL districts use this same vendor, including ones more well run. ETHS uses one called eSchool, which I suppose was a better decision.
Per the email I received from ETHS, Powerschool actually owns eSchool. (email below).
Dear ETHS Students and Families,
We are aware of the recent data breach involving PowerSchool which has impacted schools both locally and nationwide. Evanston Township High School uses eSchool, a student information system owned by PowerSchool. We have confirmed with PowerSchool that our data was not affected by this incident.
The safety and security of our student records is a top priority. Though there is no evidence of impact to the District, ETHS remains proactive and vigilant in working closely with PowerSchool to monitor this matter and any further developments. We are actively communicating with PowerSchool to understand how this breach occurred and what measures are being implemented to prevent similar incidents in the future.
ETHS will notify students and families of any important updates as we receive them.
Thank you,
Mike Corcoran
Chief Technology Officer
Wow they lucked out that Powerschool didnt integrate eschool into SIS
I don’t know what to think about ETHS’s email - when I talked to some people over there on Wednesday they told me the grades and report cards were going to be posted late because they were having major I.T. Issues. Report cards did come out on Thursday so who knows if any of these issues were related or if the issues they were having were something completely unrelated.
This is a little silly. It’s among the market leaders. D65 deserves a lot of blame for a lot of things but contracting with a market leader who has a data breach is not among them.
"For all current and former D65 students in PowerSchool..." Is there any indication of how far back in time this goes?
D65 has only been using PowerSchool since Fall ‘20.
Thank you for this, I was trying to figure this out