Indirect Notice PowerSchool

May 31, 2025

Dear Lakeshore School Division Community,

As you may know, PowerSchool, a provider of Student Information Systems (SIS), recently experienced a cybersecurity incident. Like many school institutions across North America, we use PowerSchool for our SIS and thus were informed by PowerSchool that information stored by Lakeshore School Division in our SIS was involved in the incident. This includes personal information of students, parents/guardians, and educators. We have written to our community about this incident many times previously. This notice is intended for those who have not seen our previous communications. If you have seen our previous communications, you do not need to read this and can instead refer to our previous communications. 

PowerSchool has sent emails to students, parents/guardians, and educators whose information was involved in the incident. We understand from PowerSchool that the email was sent from one of the following similar email addresses: ps-sis-incident@mail.csid.com; ps-sis-incident@mail1.csid.com; or ps-sis-incident@mail2.csid.com. If you received an email from any one of these email addresses with the subject line “PowerSchool Cybersecurity Incident”, we have been assured by PowerSchool that it is a legitimate email. The email includes information about how to activate 2 years of identity protection and/or credit monitoring services offered. 

Whether or not you received the email from PowerSchool, you may also visit PowerSchool’s website to learn how to activate the identity protection and/or credit monitoring services. For those able to utilize credit monitoring services (anyone age 18 and over), you will be prompted to validate before activating by entering your name and date of birth. Anyone, including those under 18, can utilize the identity protection services. PowerSchool has advised that you can call 833-918-7884 if you have any questions.

Please review the email from PowerSchool carefully. It includes details about the incident and the information identified by PowerSchool as involved. In the email, PowerSchool explains that, on December 28, 2024, it became aware that it experienced a cybersecurity incident involving unauthorized access to and exfiltration (acquisition) of certain personal information from PowerSchool SIS environments. This occurred between around December 19 and December 28, 2024. PowerSchool also advised us that it has taken steps to try to prevent the information involved from further unauthorized access or misuse. 

You will see that PowerSchool includes in the email a description of some of the information that was potentially involved in the incident. The information involved varies by person. 

For students, the information involved will generally be limited to information parents/guardians provided Lakeshore School Division upon registration of their child as a student or any subsequent updates to that information. For students, the information involved was name, date of birth, gender, contact information, address, doctor’s name and phone number, relevant medical information (e.g., allergies), MET number, school ID number, enrolment/registration records, and/or relevant alerts (e.g., related to discipline, guardian, custody, or other issues) as well as the parent/guardian’s name and contact information. 

For staff, the information involved was name, date of birth, gender, phone number, address, school email address, Professional School Personnel number, and/or school ID number.

Parent/Guardians/Students 

As we mentioned previously, based on our own investigation of the information stored in our SIS, no parent/guardian or student SIN, banking, or credit card information was stored in our SIS and thus such information was NOT involved in the incident. As such, the email from PowerSchool should say there is no evidence your SIN was involved. PowerSchool has nevertheless offered identity protection and/or credit monitoring to all individuals with any information involved. We encourage you to sign up for the services offered by PowerSchool. 

Staff 

As we mentioned previously, based on our own investigation of the information stored in our SIS, a subset of staff was identified as having their SIN stored in our SIS. No staff banking, or credit card information was stored in our SIS and thus such information was NOT involved in the incident For both staff whose SIN was stored in our SIS and for staff whose SIN was not stored in our SIS, PowerSchool has offered identity protection and/or credit monitoring to all individuals. We encourage all staff to sign up for the services offered by PowerSchool. 

Everyone 

When we learned of the incident, we conducted an investigation with the assistance of experts and worked diligently to request details from PowerSchool. We also worked with other school divisions in Manitoba that are similarly impacted. We have been assured by PowerSchool that the incident has been contained. We took steps to confirm there was no ongoing threat and to reduce the risk of a similar future threat, including by confirming that PowerSchool: engaged its cybersecurity response protocols, engaged a cybersecurity expert to conduct a forensic investigation, deactivated a compromised account, conducted a full password reset, initiated enhanced processes for access, further strengthened password policies and controls, and notified law enforcement. We have also informed the Manitoba Ombudsman of the incident and have attached additional information about steps you can take to help protect personal information.

Please find answers to some questions you may have by clicking here powerschool-faq-lakeshore-school-division.70cb682687.pdf. If you have any additional questions, they can be directed to the Division Office at 204-739-3207 or Contact Us

In Lakeshore School Division, we take cybersecurity and protecting information seriously. We sincerely regret that this incident occurred and thank you for your understanding.