PowerSchool informed RVS on Jan. 7 of a data breach incident. Current information we have from PowerSchool and from our Technology department's investigation is available here.

Posted Feb. 10, 2025

Dear RVS Staff and Families, 

Thank you for your patience while we gathered more information about the international PowerSchool data breach. We have an update and details about how to enroll in the credit monitoring and identity protection offered by PowerSchool. Please carefully review this information to help determine your next steps. 

What happened?

On Jan. 7 PowerSchool informed us of a data breach impacting Rocky View Schools (RVS) and school divisions across the globe. PowerSchool has stated an unauthorized party gained access to certain PowerSchool student information system demographic data and some staff data using one of their corporate support credentials which became compromised. PowerSchool has a third-party cyber security response team investigating the incident. They believe the data copied through the breach has been deleted without any further replication or dissemination. The system remains fully functional and is safe to use. 

Who was impacted?

Records of current students and staff have been accessed as well as former students and staff dating back to 2012. 

What information was impacted?  

In addition to what PowerSchool had informed us was potentially included in the data breach, RVS’ Technology team’s thorough investigation confirmed the following data was included in the PowerSchool breach.  

The data accessed primarily includes current and former parent, student and staff contact information. Not all students or staff had all of these fields entered. The data elements for students included information such as student ID number and encrypted password, first and last name, date of birth, gender, and home address information. Some parent/guardian and emergency contact names and phone numbers were included as well as doctor name and phone number. Additional data provided by parents to support student learning may have been accessed. This could include medical, custody and court order arrangements, coding and programming information. Staff information that was accessed included their first and last name, position title, contact information, school code, home addresses, RVS email address, RVS login ID and at least three-year-old encrypted passwords which are no longer used to access PowerSchool.  

What data was not accessed through the breach? 

No personal documents or photos were accessed. Personal documents such as birth certificates and drivers’ licences are uploaded into the SchoolEngage system and not PowerSchool. No financial/banking information or social insurance numbers were accessed as this data is held in a different system that is not connected to PowerSchool.  

Credit Monitoring and Identity Protection

PowerSchool has informed RVS it will offer two years of complimentary identity and credit monitoring services to students and staff impacted by the breach through trusted credit reporting agencies. 

• Credit monitoring services will be offered through TransUnion to those who have reached the age of majority. 
• Identity protection services will be available through Experian to all students and staff impacted by the breach. 

Experian Identity Protection Services are Available to all Impacted Students and Staff 

• Visit the Experian IdentityWorks website to enroll: https://www.globalidworks.com/identity1 

• Provide the activation code: MPRT987RFK 

• The deadline to enroll is May 30, 2025 (the code will not work after 11 a.m. MT on this date) 
• For questions about the product or help with enrollment, please email globalidworks@experian.com 

TransUnion Credit Monitoring Services are Available to all Impacted Students and Staff who have Reached the Age of Majority 

• Please visit http://www.powerschool.com/security/canada-credit-monitoring/. There you will find a link to the validation website, https://CaCreditMonitoringValidationPage-PowerSchool.com/, where you will be prompted to validate your information by entering your first name, last name and year of birth 
• If your identity is validated, a pop up will appear that provides an activation code and provides you a link to TransUnion’s myTrueIdentity site to enrol 

Where Can I Find the Latest Information?

The most up-to-date information is posted on the RVS website. We will continue to update it as more information becomes available. You may also check the PowerSchool website for updates. 

Should you have any additional questions, please contact info_security@rockyview.ab.ca. 

Posted Jan. 28, 2025

Thank you for your continuing patience as we address the PowerSchool data breach impacting Rocky View Schools (RVS). Since learning of the breach on Jan. 7, we have been working with PowerSchool and doing our own internal investigation to determine which students and staff have been impacted.

PowerSchool has informed RVS it will offer two years of complimentary identity and credit monitoring services to students and staff impacted by the breach through trusted credit reporting agencies.

• Credit monitoring services will be offered through TransUnion to those who have reached the age of majority
• Identity protection services will be available through Experian to all students and staff impacted by the breach.

We are working with PowerSchool to gain additional information including how to enroll in these services. We will provide an update when we know more.  The most up-to-date information we have is posted on the RVS website including answers to the most Frequently Asked Questions. You can also check the PowerSchool website for updates about the incident.

Thank you again for your understanding as we continue to work through this complex situation with PowerSchool.

Frequently Asked Questions

Q: What data was accessed?   
A: In addition to what PowerSchool had informed us was potentially included in the data breach, RVS’ Technology team’s investigation confirmed the following data was included in the PowerSchool breach. The data accessed primarily includes current and former parent, student and staff contact information. Not all students or staff had all of these fields entered. The data elements for students included information such as student ID number and encrypted password, first and last name, date of birth, gender, and home address information. Some parent/guardian and emergency contact names and phone numbers were included as well as doctor name and phone number. Additional data provided by parents to support student learning may have been accessed. This could include medical, custody and court order arrangements, coding and programming information. Staff information that was accessed included their first and last name, position title, contact information, school code, home addresses, RVS email address, RVS login ID and at least three-year-old encrypted passwords which are no longer used to access PowerSchool. No financial information, Social Insurance Numbers or photos were accessed. We continue to await specifics from PowerSchool. 

Q: Were photos accessed?  
A: No. We can confirm the data accessed was text only and no attachments such as photographs.   

Q: Were personal documents compromised?  
A: No. Personal documents such as birth certificates and drivers’ licences are uploaded into the SchoolEngage system and not PowerSchool. These documents or attachments were not accessed.   

Q: Do I need to change my password/email?  
A: Regularly changing passwords is recommended as a best practice to help protect your information.   

Q: When will RVS provide us with more information?  
A: We have limited information from PowerSchool and we have shared what we know today. The most recent information we have as of Jan. 9 is on our website. We will update our website when we have more information.   

Q: Can I opt out of having my/my child’s information in PowerSchool?  
A: No. School divisions in Alberta are required to maintain a student information system such as PowerSchool. PowerSchool is the student information system used by school divisions across North America and internationally.  

Q: Is PowerSchool safe to use?   
A: Yes. PowerSchool has indicated the incident has been contained and they have increased security within their systems to prevent further incidents. The system remains fully functional and is safe to use. RVS has also taken precautionary measures.   

Q: How did the breach happen?  
A: PowerSchool has stated an unauthorized party gained access to certain PowerSchool student information system demographic data using one of their corporate support accounts which became compromised. PowerSchool has a third-party cyber security response team investigating the incident. They believe it is contained but some of RVS’ student and staff data may have been obtained during the breach. PowerSchool has stated they do not anticipate the data involved being shared or made public, and they believe it has been deleted without any further replication or dissemination.  

Q: Will credit monitoring be offered?  
A:  PowerSchool has informed RVS it will offer two years of complimentary identity and credit monitoring services to students and staff impacted by the breach through trusted credit reporting agencies.

• Credit monitoring services will be offered through TransUnion to those who have reached the age of majority
• Identity protection services will be available through Experian to all students and staff impacted by the breach.

We are working with PowerSchool to gain additional information, including how to enrol in these services. We will provide an update when we know more. 

FAQ from PowerSchool

Posted: Jan. 9, 2025

PowerSchool, Rocky View Schools’ (RVS) student information system, informed RVS they had a data breach incident impacting many school divisions across North America including RVS. PowerSchool is a third-party which provides a cloud-based student information system used by most school divisions in Canada, the United States and internationally.

PowerSchool informed RVS Tuesday afternoon (Jan. 7, 2025) of a breach that took place on Dec. 28, 2024. RVS takes the security and privacy of personal information very seriously. Since we were notified, we have been working to gather additional information from PowerSchool on their investigation and our Technology team has been conducting our own investigation. While the scope of the incident is still being determined, we can reassure families and staff that no financial information was stored in PowerSchool. On Jan. 9, 2025, we notified all impacted individuals using available contact information of this incident and applicable privacy regulators.

PowerSchool has stated an unauthorized party gained access to certain PowerSchool student information system demographic data using one of their corporate support credentials which became compromised. PowerSchool has a third-party cyber security response team investigating the incident. They believe it is contained but some of RVS’ student and staff data may have been obtained during the breach. PowerSchool has stated they do not anticipate the data involved being shared or made public, and they believe it has been deleted without any further replication or dissemination. The company has indicated the incident has been contained and they have increased security within their systems to prevent further incidents.

We do not have any further information from PowerSchool and do not know the extent to which our division was compromised. We understand the concern this will cause for many of our families and staff, and we assure all those impacted by this situation RVS is taking this very seriously. PowerSchool has committed to sharing more detailed information with us when they have it. We will communicate what we know to families and staff as quickly as possible when we know more. The system remains fully functional and is safe to use.

We are sharing the letter sent to us from PowerSchool notifying us of the breach.

View the letter as a PDF