PowerSchool – Sixth Communication
May 6, 2025 Dear Kelsey School Division Community, We are writing with an update on the PowerSchool cybersecurity incident. In …
May 6, 2025
Dear Kelsey School Division Community,
We are writing with an update on the PowerSchool cybersecurity incident. In our previous update
about the incident, we mentioned that PowerSchool would be sending emails to students,
parents/guardians, and educators whose information was involved in the incident. We understand that
members of the Kelsey School Division community have now received this email from
PowerSchool and others may receive it in the coming days.
We understand from PowerSchool that the email was or will be sent from one of the following similar
email addresses: ps-sis-incident@mail.csid.com; ps-sis-incident@mail1.csid.com; or ps-
sis-incident@mail2.csid.com. If you receive or have received an email from any one of these email
addresses with the subject line “PowerSchool Cybersecurity Incident”, we have been assured by
PowerSchool that it is a legitimate email. The email includes information about how to activate the
2 years of identity protection and/or credit monitoring services offered. Please find attached an
example of what the email from PowerSchool looks like, although there may be
differences between it and the one you receive.
Whether or not you received the email from PowerSchool, you may also visit PowerSchool’s website to
learn how to activate the identity protection and/or credit monitoring services. For those able to
utilize credit monitoring services (anyone age 18 and over), you will be prompted to validate
before activating by entering your name and date of birth. Anyone, including those under 18, can
utilize the identity protection services. PowerSchool has advised that you can call 833- 918-7884
if you have any questions.
Please review the email from PowerSchool carefully. It includes details about the incident and the
information identified by PowerSchool as involved. In the email, PowerSchool explains that, on
December 28, 2024, it became aware that it experienced a cybersecurity incident
involving unauthorized access to and exfiltration (acquisition) of certain personal
information from PowerSchool Student Information System (SIS) environments. This occurred
between around December 19 and December 28, 2024. PowerSchool also advised us that it has
taken steps to prevent the information involved from further unauthorized access or
misuse, that it does not anticipate the information being shared or made public, and that it
believes the information has been deleted without any further replication or dissemination. Like
many school institutions across North America, we use PowerSchool for our SIS and thus were
informed by PowerSchool that information stored by Kelsey School Division in our SIS was involved
in the incident.
You will see that PowerSchool includes in the email a description of some of the information that
was potentially involved in the incident. The information involved varies by person.
For students, the information involved will generally be limited to information parents/guardians
provided Kelsey School Division upon registration of their child as a student or any subsequent
updates to that information. For many students, the information involved was name, date of birth,
gender, contact information, address, school contact information, MET number, school ID number,
and/or enrolment/registration records as well as the parent/guardian’s name and
contact
information. For a small number of students, there was also photo, Personal Health Information
Number, relevant medical information (e.g., allergies) and/or relevant alerts.
For staff, the information involved was name, date of birth, contact information, address, school
contact information, Professional School Personnel number, and/or school ID number. For a small
number of staff, there was also photo.
The email from PowerSchool also refers to Social Insurance Number (SIN) as potentially involved but
should also include a statement if there is no evidence that your SIN was involved – please review
the email carefully. If your SIN was among the small number stored in our SIS, we
previously emailed you about this on or around Feb 4, 2025. If you did not receive this email from
us, then your SIN was not stored in our SIS and is NOT involved in the incident – the email from
PowerSchool should thus say there is no evidence your SIN was involved. Based on our own
investigation of the information stored in our SIS, no parent/guardian, staff, or student banking
or credit card information was stored in our SIS and thus such information was NOT involved in the
incident. PowerSchool has nevertheless offered identity protection and/or credit monitoring to all
individuals with any information involved. We encourage you to sign up for the services offered by
PowerSchool.
When we learned of the incident, we conducted an investigation with the assistance of experts and
worked diligently to request details from PowerSchool. We also worked with other school
divisions in Manitoba that are similarly impacted. We have been assured by PowerSchool that the
incident has been contained. We took steps to confirm there was no ongoing threat and to reduce the
risk of a similar future threat, including by confirming that PowerSchool: engaged its
cybersecurity response protocols, engaged a cybersecurity expert to conduct a
forensic investigation, deactivated a compromised account, conducted a full password
reset, initiated enhanced processes for access, further strengthened password policies and
controls, and notified law enforcement. We have also informed the Manitoba Ombudsman of
the incident and have attached additional information about steps you can take to help protect
personal information.
Please find attached answers to some questions you may have. If you have any
additional questions, they can be directed to at tlane@ksd.mb.ca .
In Kelsey School Division, we take cybersecurity and protecting information seriously.
We sincerely regret that this incident occurred and thank you for your continued understanding.
Trevor Lane
KSD Superintendent of Schools Kelsey School Division
322 Edwards Avenue
The Pas, Manitoba, R9A 1R4
Phone: (204) 623-6421
Attention Parents and Guardians,
PowerSchool has recently sent out an email regarding a cybersecurity incident that may have affected student accounts. If you received this email, please take a moment to review it carefully for important details and recommended actions.
Ensuring the security of our students’ information is our top priority. If you have any questions or need assistance, please reach out to us directly.
Thank you for your attention to this matter.
Questions, Comments and Feedback
Please enter in the fields below
May 6, 2025 Dear Kelsey School Division Community, We are writing with an update on the PowerSchool cybersecurity incident. In …