San Diego Unified School District officials said Friday that hackers may have accessed some students’ social security numbers and medical conditions in a data breach.
Districts across the country use PowerSchool software for grades, attendance and more. On Tuesday, PowerSchool told the district that an unauthorized user had accessed student and teacher data through a customer support portal.
The company told districts it had deactivated the user’s login credential, reset passwords and restricted access to the portal. They said they believe the information has been deleted.
“PowerSchool has told us the situation has been contained, and they have taken actions to prevent the information from being used,” W. Drew Rowlands, the district’s deputy superintendent of operations, wrote to families on Tuesday. “We have reinforced to this vendor our expectations about upholding the highest data security standards.”
In an update to families on Friday, Rowlands said PowerSchool has confirmed that while most of the data was student contact information, it may also have included some students' personal data, like social security numbers and medical conditions.
“PowerSchool is committed to protecting the security and integrity of our applications,” a PowerSchool spokesperson said in an email. “We take our responsibility to protect student data privacy and act responsibly as data processors extremely seriously.”
District leaders said PowerSchool is still investigating what kind of information from San Diego Unified students was included in the breach. They said PowerSchool will offer support, like credit monitoring or identity protection services, for affected students.
The district and PowerSchool have not said how many students' data the hacker accessed. According to its website, PowerSchool's customers include more than 90 of the 100 largest school districts by enrollment in the country.
