At least three MetroWest school districts were affected by a nationwide data breach linked to the school software company PowerSchool.
Wellesley, Millis and Hopkinton were among the school districts in Massachusetts affected by the data breach, which could have compromised school district information, including personal information about teachers and students.
In an email to parents, Wellesley Superintendent of Schools David Lussier and Director of Educational Technology Adam Steiner said they would investigate the breach.
“In a webinar held this afternoon (Jan. 8), PowerSchool officials stated that the information breach was part of a targeted attack that used a compromised login in PowerSchool’s customer support portal to steal a large amount of data from schools across the country to find and download,” Wellesley’s email reads. “The information accessed relates to students, families and teachers.”
The Hopkinton Public School District is one of three districts in MetroWest reportedly affected by a data breach tied to software company PowerSchool.
According to the two, PowerSchool learned of the attack when the perpetrator notified the company of the breach and requested payment to destroy the data.
“PowerSchool officials said they paid the perpetrator an undisclosed amount in exchange for video evidence that the data had been deleted,” Lussier and Steinber wrote. “PowerSchool officials stated that they believe there are no additional copies of the data and that the data will not be shared with the public.”
Wellesley Public Schools said it will compile a list of information included in the breach. No banking or credit information is collected by PowerSchool and no photos are involved in the breach.
The PowerSchool data breach affects schools across the country
Millis Public Schools was also affected by the breach, according to WHDH. NBC Boston also reported that Hopkinton Public Schools were affected.
In a statement to WCVB-TV, PowerSchool confirmed the breach but said it is not experiencing any disruptions. The Folsom, California-based company became aware of a “potential cybersecurity incident” in late December.
“PowerSchool is not experiencing and does not expect to experience any operational disruption and continues to provide normal services to our customers,” the company statement said. “As soon as we learned of the incident, we immediately activated our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and external cybersecurity experts.”
The statement continued: “PowerSchool is committed to protecting the security and integrity of our applications. We take our responsibility to protect the privacy of student data and act responsibly as data processors very seriously. PowerSchool is committed to helping affected customers, families and providing teachers with the resources and support they need as we work through this together.”
According to its website, PowerSchool is a provider of cloud-based software for primary and secondary education that connects the central office with the classroom and the home. It was acquired by Boston-based Bain Capital in October in a $5.6 billion deal, the company said on its website.
This article originally appeared on MetroWest Daily News: Wellesley, Hopkinton and Millis schools hit by data breach
