Dear Lightning Families –
We are writing to make you aware of a recent cybersecurity incident involving PowerSchool, a software vendor that provides the Student Information System (SIS) for Lapeer Community Schools as well as for thousands of districts in the United States and across the world.
Unfortunately, it has been confirmed that data regarding students, parents, and staff was accessed.
On December 28, 2024, PowerSchool discovered unauthorized access to student and staff data within its system.
PowerSchool determined that the unauthorized access to the data occurred through their portal used for customer support using a PowerSchool employee’s account, not a Lapeer Community Schools account.
PowerSchool has informed us that they have taken all appropriate steps to prevent the data involved from further unauthorized access or misuse. PowerSchool feels that the breach has been contained and that no malware was involved. Additionally, PowerSchool has made changes to their systems and processes to prevent this breach from occuring in the future. Internally, Lapeer Community Schools is also taking steps to protect personal data.
PowerSchool has indicated the data involved includes parent and student contact information with elements such as name and address information. Across their customer base, they have determined that for a portion of individuals, some personally identifiable information (PII), such as social security numbers (SSN) and medical information from Lapeer Community Schools, was impacted.
PowerSchool has engaged Experian, a trusted credit reporting agency, to offer complimentary identity protection and credit monitoring services to all students and educators whose information from your PowerSchool SIS was involved. This offer is being provided regardless of whether an individual’s Social Security number was exfiltrated.
Identity Protection: PowerSchool will be offering two years of complimentary identity protection services for all students and educators whose information was involved.
Credit Monitoring: PowerSchool will also be offering two years of complimentary credit monitoring services for all adult students and educators whose information was involved.
Again, we are told this threat has been contained and there are no ongoing concerns.
Here is also a link to PowerSchool's SIS-Incident page where updates are being provided.
Starting in the next few weeks, PowerSchool will be handling notifications to involved individuals and relevant state attorney general offices on your behalf. We hope to relieve the burden of these notifications on you and your institution. You may opt out if you would prefer to notify directly.
Community: PowerSchool will coordinate with Experian to provide notice on your behalf to students (or their parents / guardians if the student is under 18) and educators, as applicable, whose information was involved, as well as a call center to answer questions from the community. The notice will include the identity protection and credit monitoring services offer (as applicable).
Regulatory: PowerSchool will provide notification on your behalf to relevant state attorney general offices. You may also have notification requirements with your state’s Department of Education where required. Since many customers have already been notified and are in close contact with their state’s Department of Education, PowerSchool will defer to you on these notifications.
Thank you for your patience and understanding.
Sincerely,
Lapeer Community Schools