Skip To Main Content
Important Information
Cameron Hurst

On Tuesday, Jan. 7, 2025, PowerSchool informed our leadership team that they experienced a cybersecurity incident involving unauthorized access to certain PowerSchool student information systems. Jamestown Public Schools was among PowerSchool’s many worldwide clients affected. District officials attended a detailed PowerSchool debrief about the data event to learn more information.

What happened?

According to PowerSchool, a threat actor used a compromised administrative PowerSchool credential belonging to a sub-contractor to access data stored in the global PowerSource management system. When PowerSchool became aware of the incident on December 28, 2024, they notified law enforcement, locked down the system and engaged the services of CrowdStrike (a cybersecurity company that develops software to help companies detect, prevent, and respond to cyberattacks) and Cyber Steward (a professional advisor with experience in negotiating with threat actors).

What data could have been accessed?

PowerSchool has notified us that the data accessed primarily includes student, parent, and staff contact information such as name, address, and phone numbers. JPS does not retain social security numbers in PowerSchool, and no financial information was included in the data event.

PowerSchool states that they have received “reasonable assurances from the threat actor that the data has been deleted and that no additional copies exist. We do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination. We have a video confirming deletion and are actively searching the dark web to confirm.”

What happens next?

PowerSchool has stated that the incident is contained, and they have no evidence of malware or continued unauthorized activity in the PowerSchool environment. They are not experiencing, nor expect to experience, any operational disruption and they continue to provide services as normal to school districts.

PowerSchool has stated, “While we are unaware of and do not expect any actual or attempted misuse of personal information or any financial harm to impacted individuals as a result of this incident.”

PowerSchool will be providing us with more detailed information and resources. We will share all relevant information as it becomes available to us. While PowerSchool is responsible for this incident and its impact, JPS is committed to protecting our student, staff and family data and will continue to communicate with transparency about this incident.