1-9-2025 PowerSchool Incident Letter
9 January 2025
Dear Greenback Staff and Families,
I’m writing to let you know that today PowerSchool shared information with us about a widespread data breach that they reported happened during late December. According to the conference call with PowerSchool (all affected schools were on the call), they believe that this breach is now contained but may have affected the data of our employees and/or students and their families. PowerSchool is a common provider of student management and enrollment systems for schools in Kansas and the nation.
PowerSchool is continuing to do a forensic investigation, through the firm CrowdStrike, and that investigation is monitored by federal regulatory authorities. In accordance with regulatory and contractual obligations, PowerSchool will notify individuals whose Personally Identifiable Information (PII) was compromised. Also, in accordance with regulatory and contractual obligations, PowerSchool will provide credit monitoring services for those individuals whose PII was compromised. This information will come at a later date.
As we learn more actionable information, we will relay that to our parents and staff.
Per PowerSchool, a threat actor used the credentials of a PowerSchool employee to initiate their breach. This breach violates our expectations for district vendors. Pratt USD 382 is serious about protecting the security and privacy of your data. We use regular cybersecurity training with our staff and require 2-factor authentication as an added layer of security. We continually update our cybersecurity protocols.
Thank you for your partnership as we work through this incident with PowerSchool. If you have any questions, please call our central office at 620-672-4500.
Sincerely,
Tony Helfrich