Quick Links
Skip to main contentSkip to navigation

Heartland Community Schools

Calendar

calendar

Daily Announcements

bullhorn

Powerschool

powerschool logo

Menus

fork and knife

Staff Directory

three outlines of people

Striv

play symbol

Our District

  1. Home
  2. breadcrumbs: Our District
  3. breadcrumbs: High School
  4. breadcrumbs: News

Working...

Ajax Loading Image

 

Information on PowerSchool Data Breach

January 27, 2025

Launch the media gallery 1 player

Here at Heartland Community Schools, we utilize a cloud-based student information system (SIS) called PowerSchool. Schools utilize student information systems for managing information related to various tasks such as student enrollment, scheduling, grade reporting, and exports to external data systems such as those used by the department of education. PowerSchool is a widely used SIS solution across Nebraska and across the country.

On December 28, 2024, PowerSchool became aware of a network-
wide cybersecurity incident involving unauthorized exfiltration of
personal information from certain PowerSchool Student Information System (SIS) environments.

On January 7, 2025, PowerSchool notified its customers of the incident. In that communication, PowerSchool communicated directly to us that our school’s data was not impacted by this incident. They had indicated at that time that their investigation was ongoing and that they would communicate with us if it was later determined that our data was impacted. On January 24, 2025, PowerSchool informed us that our PowerSchool data was impacted by the incident.

For those schools whose data was impacted, student and staff information were exfiltrated in the incident – this information may have included one or more of the following: the individual’s name, contact information, date of birth, limited medical alert information, Social Security Number (SSN), and other related information. Due to differences in how schools gather and store registry information, the information exfiltrated for any given individual varies from school to school.

As a PowerSchool customer, we are unable to identify what individual student or staff files were exfiltrated. Only PowerSchool’s forensic teams have that ability. Exfiltrated files could include any Heartland students or staff from the current year to as far back as the 2004-2005 school year.

PowerSchool is not aware of any identity theft attributable to this incident. On behalf of its customers, however, PowerSchool will be contacting any individuals whose student or staff information is determined to have been exfiltrated. PowerSchool will be offering two years of complimentary identity protection services for all students and staff whose information was involved. PowerSchool will also be offering two years of complimentary credit monitoring services for all students who have reached the age of majority and educators whose information was involved.

Starting in the next few weeks and in collaboration with Experian, PowerSchool will provide notice to students (or their parents / guardians if the student is under 18) and staff whose information was involved, as well as a phone number to answer any questions you may have about the incident. The notice will include the identity protection and credit monitoring services offer (as applicable).

More information may become available as we continue to work with PowerSchool and our state and regional PowerSchool resources. We will continue to update you as relevant information becomes available.

Below are answers to some frequently asked questions that have been provided to us by PowerSchool.

Frequently Asked Questions for Families

 

Who is PowerSchool?

PowerSchool provides cloud-based software to K-12 schools. This security incident affected some of the districts using the PowerSchool Student Information System product. We have no evidence that any other PowerSchool products were affected as a result of this incident.

Am I required to reach out to my school or take any steps as a parent or guardian at this time?

No. If you are a parent or guardian of a student under the age of majority and your student’s information was exfiltrated from their district’s PowerSchool SIS, you will receive a notification email from PowerSchool over the next few weeks.

Was any student or family data involved in this incident?

For involved students and educators, the types of information exfiltrated in the incident may have included one or more of the following: the individual’s name, contact information, date of birth, limited medical alert information, Social Insurance Number (SIN), and other related information. Due to differences in customer requirements, the information exfiltrated for any given individual varied across our customer base. The notice received by each individual will include a description of the categories of personal information that were exfiltrated and the identity protection and credit monitoring services offered (as applicable).

Was credit card or banking information involved in this incident?

We have no evidence that credit card or banking information was involved.

Will I get identity protection or credit monitoring?

PowerSchool is offering complimentary identity protection and credit monitoring services to all students and educators whose information from your PowerSchool SIS was involved. This offer is being provided regardless of whether an individual’s Social Security number was exfiltrated.

Identity Protection: PowerSchool will be offering two years of complimentary identity protection services, which will be provided by Experian, for all students and educators whose information was involved.

Credit Monitoring: PowerSchool will also be offering two years of complimentary credit monitoring services, which will be provided by TransUnion, for all students and educators who have reached the age of majority whose information was involved.

When will PowerSchool provide next steps to schools, educators and families?

We are working to complete our investigation of the incident and are coordinating with districts and schools to provide more information and resources (including credit monitoring or identity protection services if applicable) as they become available.

Frequently Asked Questions for Educators

 

Was any educator data involved in this incident?

For involved students and educators, the types of information exfiltrated in the incident may have included one or more of the following: the individual’s name, contact information, date of birth, limited medical alert information, Social Insurance Number (SIN), and other related information. Due to differences in customer requirements, the information exfiltrated for any given individual varied across our customer base. The notice received by each individual will include a description of the categories of personal information that were exfiltrated and the identity protection and credit monitoring services offered (as applicable).

Was credit card or banking information involved in this incident?

We have no evidence that credit card or banking information was involved.

When will PowerSchool provide next steps to schools, educators and families?

We are working to complete our investigation of the incident and are coordinating with districts and schools to provide more information and resources (including credit monitoring or identity protection services if applicable) as they become available.