PowerSchool Breach

Dear Parents and Guardians, 

We are writing to inform you of a recent security incident involving PowerSchool, the provider of our student information system (SIS). Yesterday, PowerSchool notified us of a data breach that has impacted school districts nationwide.

PowerSchool confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and staff from school districts using its PowerSchool SIS platform.  PowerSchool has confirmed that the stolen data primarily contains contact details such as names and addresses.

Upon further investigation, it was discovered that the breach also involved unauthorized access to our district PowerSchool system leading to the exposure of limited demographic data related to our students.

We want to assure you that the information involved is limited primarily to directory information for students and staff, such as demographic data like names, addresses, and phone numbers. It did not include any financial, academic, or behavioral records.

PowerSchool has enacted their security protocols to contain the breach and has since taken significant steps to secure their systems, including password resets and enhanced security measures.

As a district we are deeply committed to maintaining the highest standards of data protection. While we have a number of systems in place to protect student data, this breach was out of our control.  However, PowerSchool has assured us that the breach is contained, and there is no evidence of ongoing unauthorized activity.  We will be staying vigilant and reviewing any related accounts for unusual activity as a precaution. We are working closely with the State of Wyoming Cyber Assistant Response Effort (CARE) as well as the Wyoming Department of Education (WDE) to appropriately address this breach.

While we currently have no evidence of misuse of the exposed information, we encourage parents and guardians to remain vigilant. Monitor any communications and accounts linked to your directory information and report any suspicious activity.

PowerSchool will be releasing more information to affected districts worldwide, and as we get that information we will communicate that to you using a link found on the district’s website. 

Information relating to this incident can be found on the district website along with a Fact and Questions (FAQ) from PowerSchool. To access it, go to the District website, www.uinta1.com, and click on the quick link on the right side of the page titled PowerSchool Breach.

Thank you for your understanding and patience as we address this matter.  We remain dedicated to ensuring the safety and privacy of our students and staff.  If you have additional questions, please email us at [email protected]

Sincerely,

Superintendent Ryan Thomas

 
Directory Information
 

NOTICE OF INTENT TO DESIGNATE

STUDENT DIRECTORY INFORMATION

 

To All Interested Persons:

 

PLEASE TAKE NOTICE that Uinta County School District Number One, State of Wyoming, may designate certain personally identifiable information as directory information for the school year ________. The District intends to designate student names, addresses, telephone numbers, date and place of birth, major fields of study (if applicable), participation in officially recognized activities and sports, weight and height of athletic team members, attendance dates, degrees and awards received and the most recent previous educational agency or institution attended by a particular student as directory information for students enrolled in the District.

 

PLEASE TAKE FURTHER NOTICE that any parent, guardian or legal custodian of a student enrolled in Uinta County School District Number One, State of Wyoming, may refuse to permit the designation of the above-entitled categories of personally identifiable information with respect to a particular student as directory information, provided that such parent, guardian or legal custodian of the student informs the Superintendent or designee, Uinta County School District Number One, Evanston, State of Wyoming, in writing, within thirty (30) days from the date of this notice, that the above personally identifiable information is not to be designated as directory information with respect to that student for the ensuing school year.

Policy Adopted:  07/17/91

Field names from Student and Staff Data
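
| Student Data | Directory Information | Personal Identification Information | Staff Data | Directory Information | Personal Identification Information |
|---|---|---|---|---|---|
| Alert_Medical | | x | Balance1 (Lunch) | x | |
| Balance1 (Lunch) | x | | City | x | |
| City | x | | Email_Addr | x | |
| DistrictEntryDate | x | | Ethnicity | | x |
| DistrictEntryGradeLevel | x | | First_Name | x | |
| DistrictOfResidence | x | | Home_Phone | x | |
| DOB | x | | HomeSchoolId | x | |
| Doctor_Name | x | | ID | | x |
| Doctor_Phone | x | | Last_Name | x | |
| Emerg_Contact_1 | x | | LastFirst | x | |
| Emerg_Contact_2 | x | | LoginID | x | |
| Emerg_Phone_1 | x | | Middle_Name | x | |
| Emerg_Phone_2 | x | | PreferredName | x | |
| Enroll_Status | x | | Sched_BuildingCode | x | |
| Enrollment_SchoolID | x | | Sched_Gender | | x |
| Enrollment_Transfer_Date_Pend | x | | School_Phone | x | |
| Enrollment_Transfer_Info | x | | SchoolID | x | |
| EnrollmentCode | x | | State | x | |
| EnrollmentID | x | | Status | x | |
| EnrollmentType | x | | Street | x | |
| EntryCode | x | | TeacherLoginID | x | |
| EntryDate | x | | Title | x | |
| Ethnicity | | x | Zip | x | |
| ExitCode | x | | | | |
| ExitComment | x | | | | |
| ExitDate | x | | | | |
| Father | x | | | | |
| First_Name | x | | | | |
| Gender | | x | | | |
| Grade_Level | x | | | | |
| Graduated_Rank | x | | | | |
| GuardianEmail | x | | | | |
| Home_Phone | x | | | | |
| Home_Room | x | | | | |
| ID | | x | | | |
| Last_Name | x | | | | |
| LastFirst | x | | | | |
| Locker_Combination | x | | | | |
| Locker_Number | x | | | | |
| Mailing_City | x | | | | |
| Mailing_Geocode | x | | | | |
| Mailing_State | x | | | | |
| Mailing_Street | x | | | | |
| Mailing_Zip | x | | | | |
| Middle_Name | x | | | | |
| Mother | x | | | | |
| Next_School | x | | | | |
| PL_Language | x | | | | |
| SchoolEntryDate | x | | | | |
| SchoolEntryGradeLevel | x | | | | |
| SchoolID | x | | | | |
| State | x | | | | |
| State_StudentNumber | | x | | | |
| Street | x | | | | |
| Student_Number | | x | | | |
| Web_ID | x | | | | |
| Withdrawal_Reason_Code | x | | | | |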
 
 
For further questions, please email us at [email protected] or call 307-789-7571 ext. 1072.

Phishing
 

After breaches such as this, cyber criminals will use the stolen data to launch phishing attempts as secondary attacks, using the email addresses and phone numbers discovered in the primary attack.

 

Why do criminals use phishing, what does it look like and what behaviors should you adopt to protect yourself?

Phishing is a form of cyber attack where attackers attempt to trick individuals into revealing sensitive information or granting unauthorized access. It typically involves sending fraudulent emails and messages or creating fake websites that appear legitimate. The goal is to lure victims into entering their login credentials, financial details, or other private data. Phishing attacks often exploit human vulnerabilities, such as fear, curiosity, or urgency, to manipulate people into taking the desired action. Awareness and vigilance are crucial in recognizing and avoiding phishing attempts, which can lead to identity theft, financial loss, or system breaches. If you believe you have fallen for a phishing attack, change your password, turn off your machine, and contact the IT department.

Phishing Link Video

 

Letter from WY Office of Homeland Security Director to School Districts:

IT - PowerSchool Signed Letter

 

Additional Information:

Wyoming Statutes § 40-12-502 Wyoming Computer Security Breach Act

K12SIX 2025 PowerSchool Data Breach Update 1/9/25

K12SIX (K12 Security Information eXchange) Advisory:

K12SIX has been made aware that unsolicited contacts are being made by external parties to district/school personnel offering advice/requesting assistance regarding the PowerSchool SIS data breach. While we do not have specific evidence of phishing campaigns being launched against schools with this pretext, we anticipate that such campaigns could be launched as early as this weekend. It is also possible that such attacks could be targeted to students and parents. K12SIX recommends that school systems proactively remind school community members to report suspected phishing to security teams, including messages about PowerSchool, and to consider ensuring school staff and teachers know with whom to check for the legitimacy of information about the incident.