Cleveland City Schools is committed to keeping our families and staff informed of important developments that impact our community. We want to provide an update regarding the cybersecurity incident experienced by PowerSchool in December 2024.
Recently, PowerSchool notified districts across the country that a threat actor has contacted multiple school district customers in an attempt to extort them using data obtained during that previously reported breach. PowerSchool does not believe this is a new or separate incident, but rather a continued effort by the same individuals responsible for the December 2024 breach.
PowerSchool has assured us they are taking this situation seriously. They are actively working with leading cybersecurity experts to assess this latest development and have reported the activity to law enforcement agencies in both the United States and Canada.
Following the original incident, PowerSchool offered two years of free credit monitoring and identity protection services to all affected students and staff โ regardless of whether they were directly impacted. We continue to encourage anyone who was offered these services to take advantage of them:
For individuals in the U.S.:
https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breachFor individuals in Canada:
https://www.powerschool.com/security/sis-incident/notice-of-canada-data-breach
As previously reported, PowerSchool made the decision to pay a ransom in connection with the December 2024 breach, believing it was in the best interest of their customers and the communities they serve. However, as is often the case with these types of cyber incidents, there is always a risk that the individuals responsible will not honor their assurances to delete the stolen data.
We are sharing this information as part of our ongoing commitment to transparency. Cleveland City Schools remains in close contact with PowerSchool and will continue to provide updates as they become available.