WESTFIELD – During the second week of January, Westfield Academy and Central School District was alerted of a cybersecurity breach involving PowerSchool, a software vendor that manages data for Student Information Systems.

Technology Coordinator and Chief Privacy Officer for WACS, Can Tenamore, told district officials the cybersecurity breach, which affected tens of millions of students and teachers, did not involve Westfield. “Westfield Academy and Central School has not been identified by PowerSchool as being impacted by this breach,” he said. “However, we remain vigilant in safeguarding our systems and the information entrusted to us.”

According to their website, “PowerSchool is committed to being a good custodian of student data, taking all reasonable and appropriate countermeasures to ensure data confidentiality, integrity, and availability.”

Nevertheless, according to Education Week, on Dec. 28, PowerSchool’s PowerSource customer support portal was accessed using compromised credentials, exposing the personal information of millions of students and teachers.

Westfield Superintendent Michael Cipolla addressed the Board of Education about the PowerSchool data breach at their meeting on Jan. 13. “There was a breach and information was compromised,” he said. “Fortunately, WACS was not one of the schools that was compromised.”

Cipolla went on to say Tenamore is watchful in safeguarding all data entrusted to the district, and he works diligently to keep personal information secure. “Can is going to attend a virtual conference to make sure our district is safe,” he added.

Cipolla went on to say school districts need to maintain constant vigilance regarding information. “This incident magnifies the critical importance of having consistent processes in place to evaluate where sensitive information is being stored, how it is being accessed, and how often it is reviewed for vulnerabilities.”

On Sunday, January 19, the Daily Tar Heel, as well as other newspapers in affected communities, reported that the breach occurred on Dec. 19, but PowerSchool did not discover the incident until Dec. 28 and, reported it over a week later on Jan. 7.

TechCrunch also reported that “A cyberattack and data breach at U.S. edtech giant PowerSchool that was discovered December 28 threatens to expose the private data of tens of millions of schoolchildren and teachers.”

PowerSchool’s website says its school records software is used by 18,000 schools to support more than 60 million students across North America. In a communication shared with its customers last week, PowerSchool confirmed the unnamed hackers stole “sensitive personal information” on students and teachers, including some students’ Social Security numbers, grades, demographics, and medical information.

The Jamestown Public Schools District was also involved in the cybersecurity incident involving unauthorized access to certain PowerSchool student information systems. PowerSchool has notified JPS that the data accessed primarily includes student, parent, and staff contact information such as name, address, and phone numbers. JPS does not retain social security numbers in PowerSchool, and no financial information was included in the data event. PowerSchool has stated the incident is contained, and they have no evidence of malware or continued unauthorized activity in the PowerSchool environment. They are not experiencing, nor expect to experience, any operational disruption and they continue to provide services as normal to school districts.