Coal City Community Unit School District 1 was notified this week that PowerSchool, the software vendor that provides its Student Information System [SIS] has initiated the process of notifying individuals whose information was determined to be involved in a cybersecurity incident in December 2024.
Earlier this month, Coal City Schools received notification from PowerSchool Group LLC that an unauthorized third party gained access to certain student data in a global incident affecting PowerSchool users including District 1.
The process of notifying individuals whose information was determined to be involved began on January 29. The type of information involved included—one or more of the following: student’s name, contact information, birth date, limited medical alert information and other related information. No passwords, Social Security numbers or financial information of Coal City students/families were impacted.
In response to the data breach, PowerSchool immediately engaged cybersecurity response protocols, and at this time the company reports it is not aware of any identity theft attributable to this incident. Additionally, PowerSchool has started the required process of notifying state attorney general offices of the breach and engaged identity protection and credit monitoring services through Experian, a credit reporting agency. PowerSchool is providing two years of complimentary identity protection and credit monitoring services for all current and former students and educators whose information was determined to be involved.
In the coming weeks, on behalf of PowerSchool, Experian will send out email notifications to involved individuals for whom they have sufficient contact information. Additionally, PowerSchool has worked with Experian to set up a dedicated, toll free call center to assist families with questions regarding the incident and the credit monitoring services being offered. Information regarding the activation of and access to these services will be included in the email sent to families. Those who do not receive an email can visit https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/ to learn how to activate the offering from Experian.
According to PowerSchool the incident has been contained and they have no evidence of continued unauthorized activity. In order to prevent future incidents, the company reports it has strengthened its policies and controls, and made significant investments in cybersecurity defenses.