Staff and student information from 2010 upwards accessed in large-scale cyber attack; free identity protection services offered

By MEDICINE HAT NEWS on January 25, 2025.

On Friday the Medicine Hat Public School Division received an update from PowerSchool, a third-party cloud platform, relaying direct impacts that apply to local schools following a data breach that affected hundreds of schools in Canada and the U.S. at the beginning of the month.

On Jan. 9, both MHPSD and the Medicine Hat Catholic Board of Education reported their schools were impacted by the widespread cyber attack involving the application PowerSchool that is used to store staff and student information, among other functions.

The school division says all current and former MHPSD students and staff from 2010 and onward have been impacted from the cyber security incident following an investigation.

Student data that was accessed includes demographic information such as names, date of birth, home phone numbers and mail addresses. Guardian details such as first name, last name, email, address, contact alerts and custody orders have also been breached.

The cyber attack also collected Alberta Student Numbers. The division states they do not collect Social Insurance Numbers as part of student records.

Staff names, email addresses and internal identification numbers were also accessed. The division warns this information could potentially be used by someone attempting to commit identity fraud.

“It could also be used for phishing or social engineering, such as sending fake emails or messages designed to trick individuals into revealing sensitive information like passwords or financial details,” reads a press release.

The division recommends caution in the future with emails or messages that seem unfamiliar and avoid clicking on unknown links. Never share personal details in a response to unsolicited requests.

MHPSD says no financial information is stored in PowerSchool and was not impacted as well no student or staff photos were accessed in the data breach.

As well, personal documents including birth certificates and other legal documents are not stored in PowerSchool and were not accessed.

MHPSD shared the following tips to help reduce the risks associated with online threats.

â€¢ Regularly check email, online accounts and social media accounts for any signs of unusual activity.

â€¢ Update all account passwords frequently and use strong, unique passwords for every account.

â€¢ Activate two-factor or multi-factor authentication on any accounts where its available.

According to the press release, PowerSchool has engaged with TransUnion and Experian to offer complimentary identity protection and credit monitoring services to all students and staff whose information was involved in the data breach and will be reaching out to those impacted directly in the upcoming weeks.

PowerSchool has reported it has strengthened its password policies and controls and is working with CrowdStrike, a cybersecurity company, to investigate any potential misuse of data.

MHPSD also says they are monitoring the situation closely and will continue to work with all third party service providers to evaluate their ability in keeping student and staff information safe.

“We are aware of the dynamic nature of cyber threats and we are dedicated to adapting and evolving strategies to mitigate risks.”