Skip to content
SEIU Morning Breath
Daily NewslettersDaily Newsletters
Account Account

Share this article:

More Stories

WACO hit by PowerSchool information breach

Cybersecurity breach may have compromised WACO student and staff personal information

AnnaMarie Kruse

Jan. 23, 2025 9:12 am

Southeast Iowa Union offers audio versions of articles using Instaread. Some words may be mispronounced.

WAYLAND — The WACO Community School District faces the impact of a recent cybersecurity breach involving PowerSchool, a widely used student information system (SIS) in school districts nationwide, containing sensitive student and staff information.

WACO was among numerous school nation-wide to fall prey to a cybersecurity breach of PowerSchool. (AnnaMarie Kruse/The Union)
WACO was among numerous school nationwide to fall prey to a cybersecurity breach of PowerSchool. (AnnaMarie Kruse/The Union)

“We take data security seriously and are implementing necessary measures to safeguard our students and staff,” official communications from the district stated.

In a letter to district families dated Jan. 20 WACO CSD informed the community of the breach, stating, “this breach was part of a global incident affecting multiple districts across the country. This was not just a WACO issue.”

PowerSchool reported unauthorized access to its system occurred on Dec. 22, 2024 and notified school districts, including WACO, Highland, and Washington on Jan. 7. The breach was part of a larger cyberattack that impacted multiple districts across the country.

Hackers accessed personally identifiable information such as dates of birth, addresses, and medical alerts for students, while staff information such as usernames, passwords, and phone numbers also faced exposure.

WACO CSD stated that IT confirmed the accessed students personally identifiable information may have included dates of birth, medical alerts, and “additional sensitive fields.” Additionally, staff’s potentially accessed information included PowerSchool usernames and passwords, phone numbers, and teacher numbers. Luckily, these passwords were encrypted.

The letter to Highland families, dated Jan. 15, specifically stated that information accessed for the students in the district did not include any social security numbers. The same information was accessed for staff at Highland CSD.

Superintendent Ken Crawford, who also oversees the Highland Community School District, said the districts are working closely with PowerSchool to assess the breach and protect those affected.

Nearby Washington CSD, which also use PowerSchool, experienced similar effects.

“PowerSchool has unfortunately confirmed that data belonging to students and teachers within our district, and across the country, was impacted as a result of this incident,” Washington CSD Superintendent Willie Stone wrote in a letter sent to district families Jan. 15. “PowerSchool has confirmed that some personally identifiable information … such as social security numbers, was impacted.“

The breach has created a significant challenge for all affected school administrations and families, prompting a strong response from district officials.

PowerSchool assured affected districts that no evidence suggests misuse or public dissemination of the breached data. To address concerns, PowerSchool offers credit monitoring and identity theft protection services to affected individuals.

According to the letter to Highland families, specific instructions will be announced for those eligible to access credit monitoring and identity protection services in the coming weeks. Those eligible will be contacted.

Additionally, the PowerSchool implemented enhanced password policies and access controls to prevent future breaches. The company also engaged cybersecurity firm CyberSteward to conduct an independent review and ensure the data deletion process remains thorough and secure.

The breach impacted numerous districts nationwide, as PowerSchool ranks among the most widely used SIS platforms in the United States. School administrators and cybersecurity experts urge parents, students, and staff to stay vigilant against potential identity theft and fraud. Experts recommend closely monitoring financial statements and using identity protection services to mitigate risks associated with the breach.

WACO’s IT personnel will continue to collaborate closely with PowerSchool to assess the full scope of the breach and reinforce all data security measures.

"We will continue to work with PowerSchool to ensure what data was breached and how it would affect our population adversely,” letters to families in districts overseen by Crawford stated.

While also close by, Winfield-Mt. Union and Mt. Pleasant community school districts avoided the breach by using a different student information system, Infinite Campus, which remained unaffected.

Contributions to this article made by Kalen McCain.

Comments: AnnaMarie.Kruse@southeastiowaunion.com
Date Time Location Previous Next chevron-circle-right Funeral Home Facebook Bluesky X/ Twitter Linkedin Youtube Instagram Tiktok Reddit Email Print Buy RSS Feed Opens in new tab or window PDF