AUBURN — PowerSchool is offering free credit monitoring for families of students in Auburn and Lewiston public schools who were impacted by a data breach of its servers.
The company, whose K-12 school software platform is used throughout the United States, informed clients in January that their data may have been compromised in a cybersecurity breach.
Among those impacted were schools in Auburn, Lewiston and Lisbon. Across the state, more than 33,000 residents were affected by the breach, the company said.
Various types of personal data of students and teachers were taken in the cyberattack, however no Social Security information or financial information was accessed, according to staff at Lewiston and Auburn. All students and staff were impacted in Lisbon and Auburn but not all students were affected in Lewiston.
School departments use PowerSchool to track information such as grading, attendance and student demographics.
PowerSchool became aware of the data breach Dec. 28, 2024, according to its website. The company said it has no reason to believe that there is any malware or unauthorized activity continuing in its software.
Included in the breach were some names, contact information, dates of birth, limited medical alert information, Social Security numbers, social insurance numbers and other information, though how much was breached in each individual school district varies.
CrowdStrike, a cybersecurity company, found that someone used a compromised credential through PowerSchool’s customer support portal to gain access to its system. CrowdStrike has not found any evidence that stolen data is available for sale or download. The unauthorized access is believed to have occurred Dec. 19, 2024, PowerSchool said.
Impacted families were notified by PowerSchool through the contact information in its system.
In Auburn, the data breach impacted all students and staff in the system back to the 2003-04 school year, according to Auburn Schools Technology Director Peter Robinson.
In Lewiston, directory information and some records, such as some student discipline and health information, were breached but no Social Security numbers, Superintendent Jake Langlais said. Not all students were impacted by the breach.
Lisbon public schools also uses PowerSchool and some of its families’ data was breached. It is unclear at this time how much information was taken from Lisbon families or if free credit monitoring will be available to them. Staff at the school did not immediately respond to requests for further comment Monday.
For more information on the situation and how to access credit monitoring, visit PowerSchool’s website at powerschool.com/security/sis-incident/.
We invite you to add your comments. We encourage a thoughtful exchange of ideas and information on this website. By joining the conversation, you are agreeing to our commenting policy and terms of use. More information is found on our FAQs. You can modify your screen name here.
Comments are managed by our staff during regular business hours Monday through Friday as well as limited hours on Saturday and Sunday. Comments held for moderation outside of those hours may take longer to approve.
Join the Conversation
Please sign into your Sun Journal account to participate in conversations below. If you do not have an account, you can register or subscribe. Questions? Please see our FAQs.