403.527.3371

Medicine Hat High School

Medicine Hat Public School Logo
MHPSD Website
Alberta Education logo
Alberta Education
Transportation Registration
Busses
Devices
Google Classroom
Google Classroom
Google Meet
Google Meet
Google Drive
Google Drive
Medicine Hat High School logo
For Families & Students
Edsby
Edsby
Medicine Hat High School logo
Mental Health Supports
Form Icon
Parent Forms
Form Icon
Policies & AP's
Form Icon
Publications
Registration
Registration
Student Email
GMail
Graduation
Graduation
Destiny Library
Destiny Library
School Cash Online
SchoolCash Online
PowerSchool - Student & Parent
PowerSchool - Student & Parent
Medicine Hat High School logo
PSST World
More Useful Links
Microsoft
Password Self Serve
PowerSchoolLogos Vertical 03 1

Important Notice: PowerSchool Data Breach

event Published 2025-02-21 15:37:21 +0000 UTC

Feb 21, 2025

Families and staff who are impacted by the PowerSchool Data Breach will have recently received an email from PowerSchool about the incident. The email is being sent from Ps-sis-incident@mail1.csid.com, and includes information about identity protection and credit monitoring services. Families and staff can choose to use the free services, or not, at their own discretion. The email from PowerSchool may have been sent to your SPAM folder, you can expand the box below to see the full email: 

Email from Power School to impacted users (on, before, or after Feb 20, 2025) 

Dear PowerSchool User or Parent / Guardian of User:

You are receiving this notice on behalf of CHILD'S NAME (the “named individual”) from PowerSchool. As you may know, PowerSchool provides software and services to your current or former school or the current or former school of a person to whom you are a parent or guardian. We are writing to share with you some important information regarding a recent cybersecurity incident involving personal information belonging to the named individual.

What Happened?
On December 28, 2024, PowerSchool became aware of a cybersecurity incident involving unauthorized exfiltration of certain personal information from PowerSchool Student Information System (SIS) environments through one of our community-focused customer support portals, PowerSource.
What Information Was Involved?

Due to differences in customer requirements, the types of information involved in this incident included one or more of the following, which varied by person: name, contact information, date of birth, Social Insurance Number, limited medical alert information, and other related information. At this time, we do not have evidence that the named individual’s Social Insurance Number was involved. At this time, we do not have evidence that limited medical alert information for the named individual was involved.

MHPSD edited to the following: MHPSD does not collect Social Insurance Numbers, this information was not included as part of the data breach.

What Are We Doing?
PowerSchool is offering two years of complimentary identity protection services, provided by Experian, to students and educators whose information was involved. For involved students and educators who have reached the age of majority, in addition to Experian’s identity protection services, PowerSchool is also offering two years of complimentary credit monitoring services provided by TransUnion.
Offer: Experian Identity Protection Services – Available to All Involved Students and Staff
Enrollment Instructions for Experian IdentityWorks

Details Regarding Your Experian IdentityWorks Membership

A credit card is not required for enrollment in Experian IdentityWorks. You can contact Experian immediately regarding any fraud issues, and have access to the following features once you enroll in Experian IdentityWorks:

  • Internet Surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the Dark Web.
  • Fraud Remediation Tips: Self-help tips are available on your member center.

Offer: TransUnion Credit Monitoring Services – Available to Involved Students and Educators Who have Reached the Age of Majority in their Applicable Province or Territory. Enrollment Instructions for TransUnion myTrueIdentity

Details Regarding your myTrueIdentity Membership

Upon completion of the online enrollment process, you will have access to the following TransUnion myTrueIdentity features:

  • Unlimited online access to your TransUnion Canada credit report, updated daily. A credit report is a snapshot of your financial history and one of the primary tools leveraged for determining credit-related identity theft or fraud.
  • Unlimited online access to your CreditVision® Risk credit score, updated daily. A credit score is a three-digit number calculated based on the information contained in your TransUnion Canada credit report at a particular point in time.
  • Credit monitoring, which provides you with email notifications to key changes on your TransUnion Canada credit report. In today’s virtual world, credit alerts are a powerful tool to help protect you against identity theft, enable quick action against potentially fraudulent activity and provide you with additional reassurance.
  • Access to online educational resources concerning credit management, fraud victim assistance and identity theft prevention.
  • Access to Identity Restoration agents who are available to assist you with questions about identity theft. In the unlikely event that you become a victim of fraud; a personal restoration specialist will help to resolve any identity theft. This service includes up to $1,000,000 of expense reimbursement insurance.
  • Dark Web Monitoring, which monitors surface, social, deep, and dark websites for potentially exposed personal, identity and financial information and helps protect you against identity theft.
As soon as PowerSchool learned of the incident, we engaged cybersecurity response protocols and mobilized senior leadership and third-party cybersecurity experts to conduct a forensic investigation of the scope of the incident and to monitor for signs of information misuse. We are not aware at this time of any identity theft attributable to this incident.
What Can You Do?
You are encouraged to remain vigilant against incidents of identity theft and fraud by reviewing account statements for suspicious activity. PowerSchool will never contact you by phone or email to request your personal or account information.
Other Important Information.
If you have any questions or concerns about this notice, please call 833-918-7884, Monday through Friday, 8:00am through 8:00pm Central Time (excluding major US holidays). Please be prepared to provide engagement number B138905.

Feb 6, 2025

This breach has impacted many school boards across Canada and the United States.​ Here is an ​update on the PowerSchool data breach and details about how to enroll in the credit monitoring and identity protection offered by PowerSchool. Please carefully review this information to understand how you may be affected to help determine your next steps.

You may also check the PowerSchool website​ for updates on this incident. 

Credit Monitoring and Identity Protection​​​​

PowerSchool has engaged TransUnion and Experian, trusted credit reporting agencies, to offer two years of complimentary identity protection for all students and staff whose information from the PowerSchool student information system was involved. As well as credit monitoring services, for those who have reached the age of majority.

Please visit Notice of Data Breach For Individuals in Canada | PowerSchool for instructions on how to access identity protection and credit monitoring services being provided by PowerSchool.

January 24, 2025

PowerSchool has shared information to address the data breach and the frequently asked questions of families, educators and customers worldwide. The following information relates directly to those impacted from Medicine Hat Public School Division. See additional historical details below. 

Who in MHPSD is impacted?

All current and former MHPSD students and staff from 2010 and onward.

Which STUDENT data was accessed?

MHPSDs investigation has determined that the data accessed included:

  • Student demographic information such as first name, last name, date of birth, student/guardian home phone numbers, and mailing addresses. 
  • Alberta Student Numbers (ASN)
  • Guardian details such as first name, last name, email, address, contact alerts and custody orders. 
  • Student medical information, including details such as asthma, allergies, diabetes, or other medical conditions that parents shared with the school at the time of registration or reregistration. 
  • Although the data breach impacted each school division differently, MHPSD does not collect Social Insurance Numbers (SIN) and/or Alberta Health Numbers as part of student records.

Which STAFF data was accessed?

Limited work-related data, including names, email addresses, and internal identification numbers were accessed.  

  • MHPSD does not store Social Insurance Numbers (SIN) in the PowerSchool staff record. 

Was financial information accessed?

No. Financial information is not stored in PowerSchool, therefore it was not impacted by the data breach. Financial information is defined as bank account numbers, credit or debit card details and financial transaction records. 
 

PowerSchool manages student information as defined above, but when parents or guardians make a payment during registration, they are redirected to SchoolCash Online via a secure link. Data is not shared between PowerSchool and SchoolCash online. 

Were photos accessed?

No. Student and staff photos were not accessed.

I uploaded personal documents during the registration process. Have those been compromised?

No. Personal documents, such as birth certificates and other legal documents uploaded during the registration process are NOT stored in PowerSchool. 

Can I still use my PowerSchool Account?

Yes, you can continue to use your PowerSchool account. The PowerSchool cybersecurity incident has not disrupted daily school operations, classroom instruction and will not impact online registration. The incident has been contained and additional security measures have been implemented by PowerSchool to prevent future breaches. Refer to PowerSchool for more information.

What can the data taken be used for?

The accessed data could potentially be used for identity theft, where personal details are misused to impersonate someone or commit fraud. It could also be used for phishing or social engineering, such as sending fake emails or messages designed to trick individuals into revealing sensitive information like passwords or financial details.

While no financial information, passwords, or personal documents were accessed, it is always important to monitor digital accounts to watch for activity that is not yours.

Be cautious with emails or messages that seem unfamiliar. Avoid clicking on unknown links and refrain from sharing personal details in response to unsolicited requests.

How did the data breach happen?

PowerSchool reports that the breach occurred after an unauthorized party used a compromised credential to gain access, affecting information from multiple school divisions worldwide, including Medicine Hat Public School Division.

PowerSchool has reported that the vulnerability has been identified and resolved. They have also implemented enhanced security measures to prevent similar incidents in the future. Please visit PowerSchool for more information. 

What measures are in place to protect against future breaches?

This was a PowerSchool breach. PowerSchool reports that it has strengthened its password policies and controls, including increasing the length and complexity of the passwords required of all employees. PowerSchool is working with CrowdStrike, a leading cybersecurity company, monitoring the internet for any potential misuse of data. 

MHPSD is also monitoring this situation closely. MHPSD will continue to work closely with all third party service providers to evaluate their ability to keep our data safe. 

Medicine Hat Public School Division has Multi-Factor Authentication (MFA) enabled for all staff. MFA reduces the risk of account takeovers and provides a necessary additional layer security for users and their accounts. MHPSD maintains a proactive and ongoing commitment to improving cybersecurity measures. We are aware of the dynamic nature of cyber threats and we are dedicated to adapting and evolving strategies to mitigate risks.

What should I watch out for to protect my information?

Using the following practices will help individuals reduce the risks associated with keeping you and your data safe online: 

  • Regularly check email, online accounts, and social media accounts for any signs of unusual activity.
  • Update all account passwords frequently, especially if any have been reused across different platforms.
  • Use strong, unique passwords for every account, and consider using a password manager for enhanced security.
  • Activate two-factor or Multi-Factor Authentication on any accounts where it’s available for extra protection.

Additionally, stay vigilant against phishing attempts. Be cautious of unfamiliar emails, email addresses, calls, or messages that claim to be from legitimate organizations. Never click on suspicious links or share personal information without verifying the source. By taking these precautions, you can help safeguard your accounts and reduce the risk of unauthorized access.

Will Identity protection and credit monitoring be offered?

PowerSchool has engaged with TransUnion and Experian, trusted credit reporting agencies, to offer complimentary identity protection and credit monitoring services to all students and staff whose information was involved in the data breach. 

  • Identity Protection: PowerSchool is offering two years of complimentary identity protection services, which will be provided by Experian, in Canada and the United States, for all students and staff whose information was impacted.
  • Credit Monitoring: PowerSchool will offer two years of complimentary credit monitoring services, provided by TransUnion, for all students and staff (whose information was involved) and have reached the age of majority. This service is being provided by TransUnion because Experian does not offer credit monitoring in Canada.

Please visit Notice of Data Breach For Individuals in Canada | PowerSchool for instructions on how to access identity protection and credit monitoring services being provided by PowerSchool.

We should switch providers and not use PowerSchool anymore. 

All vendor services are provided to us on a contract basis. At the end of each contract cycle we evaluate the partnership and explore alternative vendor options before moving ahead. We consider a variety of factors as part of our decision, security being one of the most important criteria. 

I have more questions, where can I find answers?

Send us an email communications@sd76.ab.ca

January 14, 2025

MHPSD's Information Technology team continues to work directly with PowerSchool. PowerSchool has shared information to address the data breach and the frequently asked questions of families, educators and customers. CrowdStrike, is a third party cyber security company that is investigating for PowerSchool; they will provide a public report as soon as possible. When the report is published, MHPSD will provide more details.  

January 9, 2025

Medicine Hat, AB: A data breach in PowerSchool has impacted the personally identifiable information of Medicine Hat Public School Division staff and students. PowerSchool is a third party platform that is used by school divisions across the globe to store student and staff data.   

  • The security issue has been resolved, and PowerSchool systems are now operating securely. 
  • PowerSchool has assured us, as well as our own incident response team, that NO financial information related to individuals in Medicine Hat Public Schools was involved in this breach.  
  • PowerSchool has notified us that the data accessed by an unauthorized user has been deleted and that no copies were kept or shared. They have implemented enhanced security measures and continue to closely monitor their systems.  
  • Information related to other applications connected to PowerSchool, such as SchoolEngage (for online registration), SchoolCash Online and SchoolMessenger were not affected as a result of this incident.  

PowerSchool identified the breach on December 28, 2024, and acted to secure the affected data and mitigate any ongoing risks. MHPSD was notified of this incident on January 7, 2025. This breach was widespread, impacting PowerSchool clients across Canada, the United States, and other parts of the world. It was not limited to Medicine Hat Public School Division. 

PowerSchool has assured us as well as our own cyber security team that no financial information related to individuals in Medicine Hat Public Schools was involved in this breach. Please know that we are working with PowerSchool to understand the full scope of the incident and will share more information as more information is available.   

We recognize the critical importance of protecting personal information and want to assure you that we are taking this matter seriously. There is no action required at this time, updates will be provided on this page.  

Jan 8, 2025

MHPSD is aware of a global data breach of PowerSchool Student Information System. We are working with PowerSchool and information will be shared when it becomes available. 

Recently Published

All News