|
Getting your Trinity Audio player ready...
|
The Menlo Park City School District informed current and former families and staff that a data security breach occurred in late December 2024 on its school information system, PowerSchool. The district learned about the breach on Jan. 7 and it contacted all families and staff going back to 2009 to inform them of the breach, according to emails sent to school community members.
PowerSchool is a software that serves as a database for student records across more than 16,000 customers, largely K-12 schools. The Portola Valley School District is among local schools that use the database and was also impacted by the data breach.
MPCSD’s resource page on the breach states that data was accessed for 10,662 students and 3,270 staff members. MPCSD and PVSD state that the data accessed included names, date of birth, home address, phone numbers, contact information, health records, race and ethnicity and gender.
PowerSchool included in its notice that Social Security numbers were included in the data breach.
MPCSD clarified it currently does not collect or store Social Security numbers in PowerSchool, but after reviewing the accessed data it found that 386 student records from 2018 and earlier include a Social Security number. PVSD stated in its FAQ document that it discovered all former and current staff, along with two former student records including their Social Security number on file, however it no longer collects Social Security numbers in PowerSchool and has never been required for students.
All impacted individuals have been contacted by the school districts.
According to MPCSD, the school district’s Technology Services Department is attending county meetings to address cyber security issues and meeting with other school districts to share resources.
“The MPCSD Technology Services Department, including its cyber security specialist, is actively following all PowerSchool updates, including attending webinars to better understand the impact of the data breach,” said MPCSD in a statement to The Almanac.
In response to the incident, PowerSchool is offering two years of complimentary identity protection services to students and educators involved through Experian, a credit reporting agency. Adult students and teachers will also be offered credit monitoring services.
On behalf of PowerSchool, Experian will be directly contacting individuals who have been affected by the breach for whom they have sufficient contact information.
MPCSD’s data breach resources page explains that PowerSchool does not anticipate the data will be shared and has been deleted due to its engagement with CyberSteward, a professional advisor in negotiating with cybercriminals. Their engagement with its services implies that a ransom was demanded and paid by PowerSchool in exchange for evidence of the data’s deletion.
The school district advises current and former MPCSD community members to be alert for any phishing attempts following this data breach.
“Please remain vigilant, as PowerSchool will never contact you by phone or email to request your personal or account information,” according to the district’s resource page.
PowerSchool has also set up a call center for families and educators to ask questions about its complimentary identity protection services. Affected individuals can call 833-918-9464.
“As a result of the data breach, MPCSD is engaged in discussions about the data we keep and how we can minimize what information would be available were any of our applications breached,” said Willy Haug, MPCSD director of technology and innovation.
According to the district, its technology services employees regularly attend cybersecurity conferences to learn more about the threat landscape and what tools exist to combat cyber attacks.
MPCSD continues to work with PowerSchool and will be updating its resources page as more information is provided by the company.
For more information on the MPCSD data breach, visit tinyurl.com/MPCSDdatabreach.
Identity theft protection
PowerSchool advises individuals to regularly review account statements and to obtain a credit report from one or more of the national credit reporting companies including Equifax, Experian and TransUnion. Free credit reports can also be obtained on annualcreditreport.com or by calling 877-322-8228.
Fraud alerts can also be requested from credit reporting agencies to ensure you will be notified and asked to verify identification before extending credit in your name.
Individuals can also request a security freeze on credit reports, which will prohibit agencies from releasing any information without written authorization. PowerSchool warns that this may also delay or interfere with any timely approval for requests on loans, employment, housing or credit mortgages. For more information on how to protect your identity visit tinyurl.com/PowerSchoolDataBreachNotice.
Joan Lane, trailblazing volunteer and Stanford’s go-to for ‘sticky problems,' dies at 97March 25, 2026 3:23 pm