PowerSchool cybersecurity incident

Last updated: May 12, 2025

cybersecurity incident involving PowerSchool, a Kindergarten to Grade 12 school software provider, has affected clients in Canada, the United States, and other parts of the world, including the Northwest Territories.

On January 15, 2025, PowerSchool confirmed with the Government of the Northwest Territories (GNWT) that unauthorized access to PowerSchool's cloud environment led to the theft of records from several education bodies in the NWT.

On May 7, 2025 PowerSchool notified customers that a cybercriminal had contacted some PowerSchool Student Information System customers, such as school districts, as part of the ransomware attack.

As information and facts are verified through the investigation, this page will be updated.

The breach was not within the GNWT’s network.

What should I do if the cybercriminal involved in the breach contact me?

The Government of Canada strongly discourages paying ransom, as it supports the ransom business model and increases the risk and likelihood of this continuing. Cybercriminals are not to be trusted and will continue to demand more money even if a ransom is paid. This is how they operate.

What should I do if I suspect my information or my child’s information was part of the breach?

PowerSchool is offering complimentary services for individuals whose information was impacted by this breach. Services include:

  • Two years of complimentary identity protection services, provided by Experian, to students and educators whose information was involved. You must enroll by May 30, 2025.
  • Two years of credit monitoring services, provided by TransUnion (for involved students and educators who have reached the age of majority).

Remain vigilant against incidents of identity theft and fraud by reviewing account statements for suspicious activity. PowerSchool will never contact you by phone or email to request your personal or account information.

To access these services visit: Notice of Data Breach For Individuals in Canada | PowerSchool

How do I know if my information or my child’s information was part of the breach?

On January 30, 2025, the GNWT confirmed that the number of impacted individuals for the NWT is approximately 35,082 (32,734 students and 2,348 educators or staff). 

Due to the large number of impacted individuals, it is anticipated that the data may go back further than 2012, however this data is still be validated. 

Individuals affected by the breach will be notified directly by PowerSchool in the coming weeks by email, however, if you believe your data may have been affected, you’re encouraged to call PowerSchool at 833-918-7884, Monday through Friday, 8:00 am through 8:00 pm Central Time (excluding major US holidays). Please be prepared to provide engagement number B138905.

What do I do if I don’t get an email from Experian on behalf of PowerSchool?

If you have not received an email communication from Experian on behalf of PowerSchool and you believe your information would have been affected, please call 833-918-7884, Monday through Friday, 8:00 am through 8:00 pm Central Time (excluding major US holidays). Please be prepared to provide engagement number B138905.

What type of information was impacted?

The breach involved current and past student and staff information stored within the PowerSchool system, including:

  • student names
  • student mailing addresses
  • student dates of birth
  • student home phone numbers
  • medical conditions (i.e., asthma, allergies)
  • parent/guardian names
  • teacher names
  • teacher home phone numbers
  • teacher email addresses

When did the GNWT find out about the breach? 

The Department confirmed the breach of NWT information on January 15, 2025.

Which education bodies in the Northwest Territories are impacted?

On January 15, 2025, the GNWT confirmed that the breach of PowerSchool’s cloud environment led to the theft of records from the Beaufort Delta Divisional Education Council, Dehcho Divisional Education Council, South Slave Divisional Education Council, Yellowknife Catholic Schools, and Yellowknife Education District No. 1.

As the investigation continued it was later confirmed that the breach also impacted the Dettah District Education Authority and the Ndilǫ Education Authority as these education bodies are included within YK1’s PowerSchool account.  

How did the breach occur?

PowerSchool’s investigation determined that an unauthorized party gained access to data using a compromised credential belonging to one of their staff. As soon as PowerSchool learned of the incident, they immediately engaged in their cybersecurity response protocols. PowerSchool has implemented enhanced security measures and confirmed that the breach has been contained.

Why does the NWT and other jurisdictions use a third party, like PowerSchool for this data?

Education systems are complex and require an information management system. Jurisdictions, including the NWT, use reputable and trusted applications for this information management. When using a third party, such as in this case, the GNWT conducts a rigorous privacy impact assessment.

PowerSchool is a student information system that is used extensively by classroom teachers and administrators across the globe. The functionality provided by this system allows for accurate record-keeping on grades, attendance, emergency contact information and much more. Access to this information is limited even within the school environment by role-based login credentials. Only those individuals who have a direct connection to the student’s instruction are permitted access to any data. For example, a student’s contact information is not accessible by teachers who are not instructing that student. There are administrative accounts which do have elevated access privileges; however, those are more restricted.

Using a student information system is essential in being able to generate report cards, official transcripts, and eventually even high school diplomas for students. Losing access to such a system would inherently create harm through loss of efficient delivery of those services.

It has been stated that the PowerSchool breach has been “contained”. What does that mean?

Our assessment is based on updates from PowerSchool: “We do not believe there is an ongoing risk to our systems. We have no evidence of malware or continued unauthorized activity in the PowerSchool environment. PowerSchool is not experiencing, nor does it expect to experience, any operational disruption and continues to provide services as normal to our customers.”

The Privacy Commission of Canada has been notified by PowerSchool about the breach.

What steps did the GNWT take once the breach was confirmed?

Once the breach was confirmed, the GNWT worked quickly to confirm which education bodies were affected and the type of information impacted. Our steps included:

  • working with education bodies to ensure we were notifying school staff and students through letters
  • issuing a public notice
  • setting up an access point (educationoperations@gov.nt.ca) for the public to contact us with their concerns as quickly as possible.
  • notifying the NWT privacy commissioner

The Office of the Chief Information Officer (OCIO) is leading the analysis and investigation within the NWT. 

Where can I get more information?

This webpage will continue to be updated as information and facts are verified through PowerSchool, ECE’s and the OCIO’s analysis.

Staff and students within the impacted education bodies will receive information directly from PowerSchool, their education body, as well as updates from this GNWT webpage as more information becomes available.

News:

January 16, 2025: Cybersecurity incident involving PowerSchool has occurred, NWT information affected

February 4, 2025: Update on PowerSchool data breach