February 7, 2025
To: Parents and Guardians
From: Twin Valley USD 240
Subject: PowerSchool Cybersecurity Update

Dear Twin Valley Families –

PowerSchool has initiated the process of notifying individuals whose information was determined to be involved.

As previously mentioned, PowerSchool has engaged Experian, a trusted credit reporting agency, to provide complimentary identity protection and credit monitoring services to current and former students and educators that had information exfiltrated from PowerSchool SIS. PowerSchool is doing this regardless of whether an individual’s Social Security Number was exfiltrated. In the coming weeks, Experian (on behalf of PowerSchool) will be distributing direct email notifications to involved individuals (or their parent/guardian, as applicable) for whom PowerSchool has sufficient contact information.

Additionally, PowerSchool has worked with Experian to set up a dedicated, toll-free call center to answer any questions associated with these offerings and the incident. All the information regarding the activation of and access to these services will be included in the email sent to you by Experian. Whether or not you receive an email, you may also visit PowerSchool’s website to learn how to activate the offering from Experian, linked here: http://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/

Protecting our students and teachers remains our top priority. Thank you again for all of your support and understanding during this time.

You can also refer to the Twin Valley website set up where we will continue to post any information shared from PowerSchool. https://www.usd240.org/o/usd240/page/powerschool-breach

Have a great weekend… Go Chiefs!

Pam Irwin, Superintendent

January 23, 2025
SUBJECT: An Update from Twin Valley Schools on the PowerSchool Cybersecurity Incident

Dear families and educators of the Twin Valley Schools:

As we previously communicated, PowerSchool – a cloud-based software vendor used by Twin Valley to house basic student demographics and school records – recently experienced a cybersecurity incident involving unauthorized access to certain information in the PowerSchool Student Information System (SIS).

We are reaching out to share more information and next steps that we recently received directly from PowerSchool:

• Identity Protection and Credit Monitoring Services: PowerSchool has engaged Experian, a trusted credit reporting agency, to offer two years of complimentary identity protection services for all students and educators whose information from our PowerSchool SIS was involved. This offer will also include two years of complimentary credit monitoring services for all adult students and educators whose information was involved.

• Notification to Individuals Involved: Starting in the next few weeks, in collaboration with Experian, PowerSchool will provide notice to students (or their parents / guardians if the student is under 18) and educators whose information was involved, as well as a phone number to answer any questions you may have about the incident. The notice will include the identity protection and credit monitoring services offer (as applicable).

• As soon as PowerSchool learned of the incident, they engaged cybersecurity response protocols and mobilized senior leadership and third-party cybersecurity experts to conduct a forensic investigation of the scope of the incident and to monitor for signs of information misuse. PowerSchool is not aware of any identity theft attributable to this incident.

Although this was an issue with PowerSchool, we are taking cautionary steps within our system to ensure we are following cybersecurity protocols to reduce the risk of this happening in our district with platforms we access directly. There were 36 accounts that did have a social security number included in our system. We have removed those numbers and will attempt to contact each person in the next few days. Some of the individuals were students in Twin Valley prior to 2015, so we may need some assistance tracking people down to get them this information.

We’ve set up this website on our district page to post information as it becomes available from PowerSchool.

I encourage you to visit https://www.powerschool.com/security/sis-incident/ for up-to-date information on the cybersecurity incident. We care deeply about the welfare of our Twin Valley families and will continue to do everything we can to support you. Thank you for the important role you play in our community and your shared commitment to putting our students first.

Sincerely,

Pam Irwin, Superintendent
Kinsy McVay, IT Director
Twin Valley Schools

___________________________________________________________________________________________________________________

January 9, 2025
SUBJECT: PowerSchool Data Breach

Dear Parents,

I am writing to inform you of a cybersecurity incident involving PowerSchool, the student information system used by our schools. On December 28, 2024, PowerSchool became aware of unauthorized access to certain data through its customer support portal, PowerSource. The company’s investigation determined that a compromised credential was used to access some PowerSchool SIS (Student Information System) customer data.

As soon as the incident was identified, PowerSchool engaged cybersecurity experts, restricted access to the affected portal, reset passwords, and informed law enforcement.  PowerSchool has hired a third-party company to investigate the incident.  Their official report is expected to be released towards the end of next week.

While there is no evidence of continued unauthorized activity, and the incident is now contained, PowerSchool is committed to providing transparency and support. During the webinar conducted yesterday, we were told they would be providing a list of specific accounts that were compromised.  For those accounts impacted, they have stated they will provide credit monitoring and additional security measures as warranted.

Once we receive the official list of compromised accounts, we will notify each account holder and share next steps.  

We take the security of your child’s information seriously. Although there is no further action required from parents at this time, please feel free to reach out to our IT Director, Kinsy McVay, if you have any questions or concerns. kmcvay@usd240.org

Thank you for your understanding and continued trust in our schools.

Pam Irwin, Superintendent
Kinsy McVay, IT Director