In February, PowerSchool began notifying affected students and staff about the recent data breach. Emails are being sent from PowerSchool <Ps-sis-incident@mail1.csid.com> and include details on how to sign up for identity protection and credit monitoring services. Click here to see the email.

As part of their response, PowerSchool is offering two years of complimentary identity protection services through Experian Identity Protection Services for students and staff whose information was involved. 

Enrolment Instructions:

• Visit the Experian IdentityWorks website to enrol: https://www.globalidworks.com/identity1
• Provide your activation code: MPRT987RFK
• For questions about the product or help with enrollment, please email globalidworks@experian.com. 

The deadline to register is July 31, 2025. 

As part of their response, PowerSchool is offering two years of complimentary credit monitorign services through TransUnion Creit Monitoring for students and staff over 18 years of age.

Enrolment Instructions:

• Please visit powerschool.com/security/canada-credit-monitoring. There, you will find a link to the validation website, CaCreditMonitoringValidationPage-PowerSchool.com, where you will be prompted to validate your information by entering your first name, last name and year of birth.
• If your identity is validated, a pop up will appear that provides an activation code and provides you a link to TransUnion’s myTrueIdentity site to enrol.

Details Regarding your myTrueIdentity Membership

Upon completion of the online enrolment process, you will have access to the following TransUnion myTrueIdentity features:  

• Unlimited online access to your TransUnion Canada credit report, updated daily. A credit report is a snapshot of your financial history and one of the primary tools leveraged for determining credit-related identity theft or fraud.  
• Unlimited online access to your CreditVision® Risk credit score, updated daily. A credit score is a three-digit number calculated based on the information contained in your TransUnion Canada credit report at a particular point in time.  
• Credit monitoring, which provides you with email notifications to key changes on your TransUnion Canada credit report. In today’s virtual world, credit alerts are a powerful tool to help protect you against identity theft, enable quick action against potentially fraudulent activity and provide you with additional reassurance.  
• Access to online educational resources concerning credit management, fraud victim assistance and identity theft prevention. 
• Access to Identity Restoration agents who are available to assist you with questions about identity theft. In the unlikely event that you become a victim of fraud; a personal restoration specialist will help to resolve any identity theft.  This service includes up to $1,000,000 of expense reimbursement insurance.  
• Dark Web Monitoring, which monitors surface, social, deep, and dark websites for potentially exposed personal, identity and financial information and helps protect you against identity theft.  

All current and former ECSD students from 2009 and onward.

All current and former ECSD staff with access to PowerSchool since 2009. This also includes staff who were part of the PowerSchool pilot in 2008.

Our investigation has determined that the data accessed included:

• Student demographic information such as first name, last name, date of birth, student phone numbers, and mailing addresses. 
• Alberta Student Numbers (ASN)
• Guardian Alerts
• Basic student medical information, including details such as asthma, allergies, diabetes, or other medical conditions that were shared with the school. 

The breach also accessed limited staff work-related data, including names, email addresses, and internal identification numbers. We are directly contacting about 30 staff members whose mailing addresses were accessed in the breach.

No. ECSD does not store any Social Insurance Numbers (SIN), financial or banking information in PowerSchool, so that information was not affected in any way.

PowerSchool manages student information, but when parents or guardians make a payment, they are redirected to Rycor (Student Quick Pay) via a secure link. PowerSchool cannot access Rycor’s data, nor does Rycor share data back with PowerSchool. This recent cybersecurity breach was limited to PowerSchool systems only.

No. Student and staff photos were not accessed in this incident.

No. Personal documents, such as birth certificates or baptism certificates uploaded during the registration process, are stored on a separate platform. They are not stored in PowerSchool. These documents were not affected by the PowerSchool cybersecurity breach.

Yes, you can continue to use your PowerSchool account as usual. The PowerSchool cybersecurity incident has not disrupted daily school operations or classroom instruction. PowerSchool has assured us that the incident has been contained and that additional security measures have been implemented to prevent future breaches.

The accessed data could potentially be used for identity theft, where personal details are misused to impersonate someone or commit fraud. It could also be used for phishing or social engineering, such as sending fake emails or messages designed to trick individuals into revealing sensitive information like passwords or financial details.

While no financial information, passwords, or personal documents were accessed in this incident, it is always important to monitor any digital accounts that you have to watch for activity that is not yours.

We advise being cautious with emails or messages that seem unfamiliar. Avoid clicking on unknown links and refrain from sharing personal details in response to unsolicited requests.

According to PowerSchool, the breach occurred after an unauthorized party used a compromised credential to gain access, affecting information from multiple school divisions worldwide, including Edmonton Catholic Schools.

PowerSchool has assured us that the vulnerability has been identified and resolved. They have also implemented enhanced security measures to prevent similar incidents in the future. 

The Office of the Information and Privacy Commissioner of Alberta has acknowledged the PowerSchool cybersecurity incident and is monitoring the situation. The Office of the Privacy Commissioner of Canada has also confirmed that it is investigating the incident. You can read the Alberta commissioner's full statement here. 

This was a PowerSchool breach. PowerSchool says it has strengthened its password policies and controls, including increasing the length and complexity of the passwords required of all employees. PowerSchool is working with CrowdStrike, a leading cybersecurity company, monitoring the internet for any potential misuse of data. We are also closely monitoring the situation.

Edmonton Catholic Schools has Multi-Factor Authentication (MFA) enabled for all staff. MFA reduces the risk of account takeovers and provides additional security for users and their accounts. 

We recommend you always use the following practices to keep your accounts and information secure: 

• Regularly check your email, online accounts, and social media accounts for any signs of unusual activity.
• Update all account passwords frequently, especially if any have been reused across different platforms.
• Use strong, unique passwords for every account, and consider using a password manager for enhanced security.
• Activate two-factor or Multi-Factor Authentication on any accounts where it’s available for extra protection.

Additionally, stay vigilant against phishing attempts. Be cautious of unfamiliar emails, calls, or messages that claim to be from legitimate organizations. Never click on suspicious links or share personal information without verifying the source. By always taking these precautions, you can help safeguard your accounts and reduce the risk of unauthorized access.