On the morning of Wednesday, January 8, the South Carolina Governor's School for Agriculture received the following notification from PowerSchool, the service provider utilized by the school for student data:
"...We are reaching out to make you aware that on December 28, 2024 PowerSchool became aware of a potential cybersecurity incident involving unauthorized access to certain information through one of our community-focused customer support portals, PowerSource. Your organization’s Technical Contact was informed of this incident earlier today. Over the succeeding days, our investigation determined that an unauthorized party gained access to certain PowerSchool SIS customer data using a compromised credential.
"However, our thorough forensic investigation has confirmed that information related to other PowerSchool products you have were not affected as a result of this incident. Please note there is no further action needed from you at this time relative to your non-PowerSchool SIS products, and we are simply notifying you to be as transparent as possible and because we value our partnership with you. We have already notified technical contacts responsible for PowerSchool SIS in your organization.
"As soon as we learned of the incident, we immediately engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts. We have also informed law enforcement.
"We have also deactivated the compromised credential and restricted all access to the affected portal. Lastly, we have conducted a full password reset and further tightened password and access control for all PowerSource customer support portal accounts.
"Importantly, the incident is contained, and we have no evidence of malware of continued unauthorized activity in the PowerSchool environment. PowerSchool is not experiencing, nor expects to experience any operational disruption and continues to provide services as normal to our customers.
"We are addressing the situation in an organized and thorough manner, following all of our incident response protocols. PowerSchool is committed to providing affected customers with the resources and support they may need as we work through this together.
"Again, although your product was not impacted, we wanted to assure you that we are addressing the situation in an organized and thorough manner following all of our incident response protocols. Should you have any questions, please do not hesitate to contact your customer service manager. Thank you for your continued support and partnership."
Later on Wednesday, the South Carolina Department of Education issued the following statement in response to the PowerSchool breach:
Late Tuesday, the South Carolina Department of Education (SCDE) was informed by PowerSchool of a cybersecurity breach involving its PowerSource portal. This was an international incident over which the state and local districts had no control.
This breach resulted in unauthorized access to certain customer data from PowerSchool’s Student Information Systems (SIS), including data from multiple states and school districts across the country.
During a meeting with PowerSchool’s senior leadership, they confirmed that personally identifiable information (PII) was compromised. The SCDE is currently working to understand the full scope of the breach.
PowerSchool has stated that this breach has been contained and has informed the SCDE that it has taken steps to secure its systems, engage cybersecurity experts, and is also coordinating with law enforcement to address the breach.
The SCDE is actively communicating with PowerSchool, legal counsel, and local districts to assess the full impact on South Carolina schools, students, and educators and to determine next steps. The SCDE is also in direct communication with the State Law Enforcement Division (SLED), the Attorney General’s office and has notified the Governor and legislative leaders.
Commenting on the seriousness of this incident, State Superintendent of Education Ellen Weaver said, “The protection of our South Carolina students’ and educators’ personal data is non-negotiable. We fully recognize the anxiety this raises for them and their families.”
She continued, “While PowerSchool has taken accountability for this breach, our Department will take uncompromising action to ensure we uncover the complete extent of this incident. We will insist that PowerSchool not only notify affected individuals but also provide them with credit and identity monitoring services."
This morning, the South Carolina Law Enforcement Division released the following statement:
South Carolina Critical Infrastructure Cybersecurity (SC CIC) is aware several organizations across the state have received emails from PowerSchool, regarding a recent data breach involving PowerSchool’s Student Information System (SIS) customers. In December 2024, a threat actor used valid credentials to exfiltrate K-12 student and faculty information through the PowerSource customer support platform. SC CIC is working with South Carolina Department of Education (SCDE) to ensure a proper response to this incident.
Currently, SC CIC encourages the affected organizations to follow guidance from PowerSchool. This includes the advice for any self-hosted organizations to turn off maintenance access. Going forward, impacted organizations and victims should also have a heightened sense of awareness for a potential increase in follow-up email, text, and voice scams. Additionally, SC CIC would encourage families to consider the possibility of freezing their affected children’s credit as a protective measure against future breaches and scams.
At the site level, our PowerSchool administrators here at the Governor's School for Agriculture remain vigilant in monitoring any potential future impact from this incident.
UPDATED: 1/9/2025 - 11:00 a.m.