The Department of Education has issued an update regarding the recent international cybersecurity breach involving unauthorised access to the PowerSchool Student Information System (SIS) customer data.
Commissioner of Education Kalmar Richards emphasised the seriousness of the situation and the Department's measures.
"PowerSchool has confirmed that the breach included data from some Bermuda Public Schools families and teachers. The data extracted were in the student and teacher tables. The compromised information primarily consists of parent and student contact details, such as names, students' date of birth, addresses, telephone numbers and email addresses.
"Additionally, PowerSchool has informed clients that more sensitive personally identifiable information (PII) was also affected for certain individuals. The Department captures PII information in the medical alert field, such as allergies and asthma. Unfortunately, until PowerSchool recovers the Bermuda database logs files covering the period of the breach, we are unable to confirm whether PII specific to Bermuda Public Schools was compromised."
Commissioner Richards continued, "We eagerly await a timeline for when we will receive confirmation regarding the impact on our students' PII. Upon receiving the update, the Department of Education will immediately inform affected individuals."
Commissioner Richards reassured stakeholders: "Our other cloud-based services, such as Schoology, remain secure and unaffected. Furthermore, we have submitted the Personal Information Notification documents to the Privacy Commissioner and have been fully cooperating with them."
"PowerSchool has been a trusted vendor for the Department since 2008, and this marks the first cybersecurity incident under their service. In addition to contact information for teachers and students, the Department utilises PowerSchool SIS tables to capture data on attendance, courses, enrollment history, grades, and behavior incidents. The Department remains committed to ensuring the security of all student and staff data and will take all necessary steps to safeguard any sensitive or personal data."
She concluded with a direct line of communication for concerns: "Families and staff with questions or concerns are encouraged to contact the Office of the Commissioner via email at coe@moed.bm
To read PowerSchool's statement on the cyber incident, visit https://www.powerschool.com/security/sis-incident/