Medicine Hat schools among hundreds hit by cyber attack across North America

By MEDICINE HAT NEWS on January 10, 2025.

Schools in the Hat have been affected by a data breach in a third-party cloud platform that occurred at the end of 2024 and impacted the personally identifiable information of staff and students within the Medicine Hat Public School Division and the Medicine Hat Catholic Board of Education.

Parents and guardians across the province received alerts Wednesday informing them of a data breach that occurred Dec. 28 involving the application PowerSchool that is used to store staff and student information.

School divisions were made aware of the widespread cyber attack that is impacting hundreds of schools across Canada, the U.S and other parts of the world on Tuesday, and have since been assured the security issue has been resolved and systems are once again operating securely.

According to a press release from MHPSD the data was accessed by an unauthorized user and has since been deleted, and that no copies were kept or shared and no financial information was affected.

“Please know that we are working with PowerSchool to understand the full scope of the incident and will share more information as more information is available,” states the release.

The division also says related applications connected to PowerSchool, including SchoolEngage, SchoolCash Online and SchoolMessenger were not affected as a result of the breach.

The Medicine Hat Catholic Board of Education says no financial information was accessed and that strengthened security measures have been implemented by the third-party developer to prevent future breaches.

“We will continue to monitor the situation closely and provide updates with staff and families as information becomes available to us,” states a release from MHCBE

A letter sent to MHCBE from PowerSchool executives says the cyber-security incident led to information accessed belonging to SIS customers, and relates to families and educators but is contained with no evidence of malware or continued unauthorized activity.

“Rest assured, we have taken all appropriate steps to prevent the data involved from further unauthorized access or misuse,” states the letter. “We do not anticipate the data being shared or made public and we believe it has been deleted without any further replication or dissemination.”

School districts in Ontario, Nova Scotia, P.E.I. and Newfoundland and Labrador have also been affected by the cyber-security incident.