Ten Schools, Three Districts, One Community of Learners
The following message was sent to families on Friday, January 17, 2025:
Dear Parent(s) and Guardian(s),
This afternoon, the District learned more information from PowerSchool regarding what monitoring services it will provide families, due to the data breach. In the next week or two, families can expect the following:
In the meantime, I encourage families to visit the NSboro PowerSchool Data Breach site and PowerSchool’s FAQ site for up-to-date information on the incident. If you have any additional questions, please reach out by emailing help@nsboro.k12.ma.us.
Respectfully,
Gregory L. Martineau
Superintendent of Schools
Jon Parent
Director of Information Technology
Cathy Carmignani
Director of Instructional Technology
The following message was sent to families on Wednesday, January 8, 2025 via ParentSquare.
Dear Parent(s) and Guardian(s),
On January 7, 2025, the Public Schools of Northborough and Southborough’s (NSboro) student information system vendor, PowerSchool (the largest provider of cloud-based education software for K-12 education in the U.S.), notified us that a widespread internal PowerSchool data breach affecting districts nationwide had occurred. Unfortunately, this resulted in NSboro’s student and staff personally identifiable information being accessed by an unauthorized third party.
Protecting the privacy and security of student, family, and staff data is a top priority for our District. As soon as we were made aware of the situation, we initiated our own internal investigation to confirm PowerSchool’s findings. PowerSchool told its clients: “The incident is contained, and we do not anticipate the data being shared or made public.” We will continue working with PowerSchool to understand what data was exported and how they will provide support to those affected.
We are committed to ensuring transparency and providing information about how this is being addressed. Once we have more information from PowerSchool, we will send out additional communications. In the meantime, please reach out with any immediate concerns to help@nsboro.k12.ma.us.
Respectfully,
Gregory L. Martineau
Superintendent of Schools
Jonathan Parent
Director of Information Technology
On January 7, 2025, the Public Schools of Northborough and Southborough (NSBoro) were notified by PowerSchool, the largest provider of cloud-based education software for K-12 education in the U.S., about a widespread internal data breach. This breach affected school districts nationwide, including NSBoro. Unfortunately, the breach resulted in the disclosure of NSBoro staff’s personally identifiable information (PII) to an unauthorized third party.
PowerSchool stated that a support contractor’s login account was compromised, which allowed authorized access into many of their clients’ data systems.
Unauthorized access to our district’s data occurred on December 22, 2024, at 6:11 a.m. and again at 9:11 p.m.
PowerSchool became aware of the breach on December 28, 2024, when the attackers contacted them with an extortion demand in exchange for destroying the stolen data.
PowerSchool notified the District of the breach on January 7, 2025, at approximately 2:00 p.m., via email.
PowerSchool confirmed that they paid the attackers an undisclosed amount in exchange for a video showing the electronic destruction of the stolen data.
Yes, the district uses several PowerSchool products, including Records, TalentEd, and SchoolSpring. However, PowerSchool has stated that only the PowerSchool SIS (Student Information System) was affected by this data breach.
PowerSchool has created a site of their own for Frequently Asked Questions.
Please refer to the table below for detailed information on the data fields included in the breach. Two tables from within PowerSchool SIS were exported: “Students_export.csv” and “Teachers_export.csv”. From reviewing available log data, we were able to reconstruct the fields exported by the unauthorized user. We have also included summary statistics regarding the percentage of those fields containing actual data.
No medical records were compromised, as they are stored in a separate system. However, some medical alerts and physician information related to students were disclosed.
No custody records were compromised, as they are stored in a separate system. However, some medical alerts and physician information related to students were disclosed.
General custody information was not compromised. However, guardian alerts were disclosed. This contains a brief note if there was a need for a child to have a custody alert in our system due to a court order. If you have concerns, please contact us at help@nsboro.k12.ma.us.
PowerSchool has assured the district that no passwords were compromised and no data was tampered with. Based on this information, we are continuing to use PowerSchool SIS. There are no restrictions on the use of the software by either students or staff at this time.
PowerSchool has engaged with CrowdStrike, a leading cybersecurity organization, to conduct a forensic analysis of event logs during the unauthorized access period. They will provide updates if new information becomes available. However, PowerSchool does not feel any backdoor access was created.
We are currently reviewing all of our digital systems to ensure they are as secure as possible, including account audits, configuring multi-factor authentication, and implementing automated account management between key data systems, where possible.
We are currently awaiting additional information regarding this possibility.
Student Data Table
PowerSchool Data Field Name | Field Description | Percentage of breached records containing data in this field |
STUDENTS.ID | Unique identifier for a student in the system. | 100.00% |
STUDENTS.dcid | random number | 100.00% |
STUDENTS.Enroll_Status | data is a 0, 1, 2, 3 or 4 | 100.00% |
STUDENTS.Enrollment_SchoolID | DESE code for the school | 99.99% |
STUDENTS.DOB | The student’s date of birth. | 99.97% |
STUDENTS.EnrollmentID | Number associated to student’s enrollment record. | 99.94% |
STUDENTS.EntryDate | Date the student entered the school or district. | 99.94% |
STUDENTS.Exclude_fr_rank | Data is set to false | 99.94% |
STUDENTS.ExitDate | The date the student exited the school or district. | 99.93% |
STUDENTS.Father_StudentCont_guid | Unique ID - random string of numbers | 99.93% |
STUDENTS.First_Name | The student’s first name. | 99.93% |
STUDENTS.Guardian_StudentCont_guid | Unique ID - random string of numbers | 99.93% |
STUDENTS.Last_Name | The student’s last name. | 99.93% |
STUDENTS.LastFirst | The student’s full name in "Last Name, First Name" format. | 99.93% |
STUDENTS.Log | date stamp | 99.93% |
STUDENTS.LunchStatus | Data taken was either a 0 or 1. | 99.93% |
STUDENTS.MembershipShare | data is "1" | 99.93% |
STUDENTS.Mother_StudentCont_guid | Unique ID - random string of numbers | 99.93% |
STUDENTS.Person_ID | Unique ID - random string of numbers | 99.93% |
STUDENTS.Sched_LoadLock | Data taken was either true or false | 99.93% |
STUDENTS.Sched_LockStudentSchedule | Data taken was either true or false | 99.93% |
STUDENTS.Sched_Scheduled | Data taken was either true or false | 99.93% |
STUDENTS.SchoolID | DESE school identifier number | 99.93% |
STUDENTS.State | The state where the student resides. | 99.93% |
STUDENTS.State_EnrollFlag | Data is either true or false. | 99.93% |
STUDENTS.State_ExcludeFromReporting | Data is either true or false. | 99.93% |
STUDENTS.Student_Number | The unique student number within the district. | 99.93% |
STUDENTS.StudentPers_guid | Unique identifier for the student’s personal record, long string. | 99.93% |
STUDENTS.StudentPict_guid | Unique identifier for the student’s picture record. Note: students' photos were NOT included in the data breach. | 99.93% |
STUDENTS.StudentSchlEnrl_guid | Unique identifier for the student’s school enrollment record. | 99.93% |
STUDENTS.TRANSACTION_DATE | Date stamp | 99.93% |
STUDENTS.City | The city of the student’s residence. | 99.92% |
STUDENTS.Gender | The student’s gender. | 99.92% |
STUDENTS.Street | The street address of the student’s residence. | 99.86% |
STUDENTS.Zip | The zip code of the student’s residence or mailing address. | 99.83% |
STUDENTS.FTEID | Data are numbers such as 0, 1, 2, 4, 5, etc. | 99.72% |
STUDENTS.WHOMODIFIEDTYPE | A, N or X | 99.68% |
STUDENTS.ClassOf | The graduation year for the student. | 99.52% |
STUDENTS.State_StudentNumber | The unique state-level identifier for the student. | 98.69% |
STUDENTS.Home_Phone | The student’s home phone number. | 97.42% |
STUDENTS.Sched_NextYearGrade | The grade level for the student in the next school year. | 96.00% |
STUDENTS.Sched_YearOfGraduation | The student’s expected year of graduation. | 94.47% |
STUDENTS.Grade_Level | The current grade level of the student. | 94.35% |
STUDENTS.PhotoFlag | 0 or 1 | 93.34% |
STUDENTS.Student_Web_ID | PowerSchool username | 90.59% |
STUDENTS.EntryCode | 1, 2, or 3 | 89.93% |
STUDENTS.TransferComment | Comments regarding the student’s transfer - lists the school they are coming from or going to | 89.68% |
STUDENTS.Mailing_City | The city listed on the student’s mailing address. | 84.73% |
STUDENTS.Mailing_Street | The street address for the student’s mailing address. | 84.73% |
STUDENTS.Mailing_Zip | The zip code for the student’s mailing address. | 84.73% |
STUDENTS.Mailing_State | The state listed on the student’s mailing address. | 84.71% |
STUDENTS.Web_ID | 6 digit random number | 83.88% |
STUDENTS.Student_AllowWebAccess | 0 or 1 | 80.69% |
STUDENTS.AllowWebAccess | 0 or 1 | 79.49% |
STUDENTS.Mother | The name of the student’s mother. | 76.57% |
STUDENTS.Middle_Name | The student’s middle name. | 74.41% |
STUDENTS.Doctor_Name | The name of the student's primary doctor. | 73.33% |
STUDENTS.Doctor_Phone | The phone number for the student’s doctor. | 73.33% |
STUDENTS.Father | The name of the student’s father. | 73.30% |
STUDENTS.Ethnicity | The student’s ethnicity as self-reported or recorded. | 69.51% |
STUDENTS.DistrictEntryDate | The date the student first entered the district. | 66.80% |
STUDENTS.SchoolEntryDate | The date the student first entered the current school. | 63.33% |
STUDENTS.Bus_Route | data ranges from the student's first name to bus numbers | 60.66% |
STUDENTS.Bus_Stop | most data has the student's last name | 60.63% |
STUDENTS.Lunch_ID | 4 digits | 59.35% |
STUDENTS.Next_School | The next school the student is expected to attend. | 58.74% |
STUDENTS.LDAPEnabled | 0 or 1 | 51.60% |
STUDENTS.Home_Room | For some students, this lists their homeroom as a classroom number. | 50.17% |
STUDENTS.ExitCode | Number from 1 to 16 | 39.89% |
STUDENTS.ExitComment | specifies the school the student is now attending | 39.17% |
STUDENTS.Locker_Combination | The combination for the student’s locker. | 37.30% |
STUDENTS.Locker_Number | The number of the locker assigned to the student. | 37.30% |
STUDENTS.IP_ADDRESS | last IP address that PS was used from by the student | 27.46% |
STUDENTS.Emerg_Contact_1 | The first emergency contact for the student. | 23.92% |
STUDENTS.Emerg_Phone_1 | Phone number of the first emergency contact. | 23.92% |
STUDENTS.WHOMODIFIEDID | number from 0-7000 | 23.62% |
STUDENTS.Graduated_SchoolID | DESE school code | 23.44% |
STUDENTS.Graduated_SchoolName | Name of the school from which the student graduated. | 23.41% |
STUDENTS.Sched_Priority | 0, 1, 2, 3, or 4 | 22.36% |
STUDENTS.DistrictOfResidence | The district where the student resides. | 19.73% |
STUDENTS.Geocode | Geographical code for the student’s residence. | 17.94% |
STUDENTS.Mailing_Geocode | Geographical code for the student’s mailing address. | 17.77% |
STUDENTS.DistrictEntryGradeLevel | The grade level of the student upon entry into the district. | 17.65% |
STUDENTS.SchoolEntryGradeLevel | The grade level of the student when entering the current school. | 17.60% |
STUDENTS.Alert_Medical | Used for medical alerts for life-threatening allergies, etc. | 17.39% |
STUDENTS.Track | Letter A-F, used during COVID | 17.11% |
STUDENTS.GradReqSetID | 0 or 1 | 13.61% |
STUDENTS.FedEthnicity | Federal designation of the student’s ethnicity - listed as a number | 10.53% |
STUDENTS.Emerg_Contact_2 | The second emergency contact for the student. | 9.33% |
STUDENTS.Emerg_Phone_2 | Phone number of the second emergency contact. | 9.33% |
STUDENTS.Team | use for middle school team designation (7-1, 7-2) | 8.60% |
STUDENTS.Sched_NextYearHomeRoom | The homeroom assigned to the student for the next school year. | 6.94% |
STUDENTS.Alert_Other | note field | 2.77% |
STUDENTS.GuardianEmail | Email address of the student’s guardian. | 2.53% |
STUDENTS.Building | The building where the student is enrolled. | 2.16% |
STUDENTS.Alert_OtherExpires | The date when the other alert expires. | 0.81% |
STUDENTS.Alert_Guardian | notes field - used for court order information | 0.39% |
STUDENTS.SummerSchoolNote | lists the summer school attended | 0.35% |
STUDENTS.Applic_Response_Recvd_Date | date | 0.24% |
STUDENTS.GradReqSet | 1 or 8 | 0.11% |
STUDENTS.Applic_Submitted_Date | The date when the student's application was submitted. | 0.10% |
STUDENTS.Alert_GuardianExpires | The date when the guardian alert expires. | 0.06% |
STUDENTS.Enrollment_Transfer_Info | Details about the student’s transfer - only found on 4 records | 0.06% |
STUDENTS.Alert_MedicalExpires | The date when the medical alert expires. | 0.04% |
STUDENTS.TuitionPayer | 0 or 1 | 0.04% |
STUDENTS.EnrollmentCode | -1, 1 or 2 | 0.03% |
STUDENTS.Sched_NextYearBuilding | The building where the student is expected to be enrolled next year. | 0.03% |
STUDENTS.Alert_Discipline | Indicates if the student has any disciplinary alerts. | 0.01% |
STUDENTS.Family_Ident | number | 0.01% |
STUDENTS.SSN | The student’s Social Security Number (only 1 student - will notify individually) | 0.01% |
STUDENTS.Alert_DisciplineExpires | The date when the disciplinary alert expires. | 0.00% |
STUDENTS.Balance1 | blank | 0.00% |
STUDENTS.Balance2 | blank | 0.00% |
STUDENTS.Balance3 | blank | 0.00% |
STUDENTS.Balance4 | blank | 0.00% |
STUDENTS.CampusID | blank | 0.00% |
STUDENTS.Cumulative_GPA | blank | 0.00% |
STUDENTS.Cumulative_Pct | blank | 0.00% |
STUDENTS.CustomRank_GPA | blank | 0.00% |
STUDENTS.Enrollment_Transfer_Date_Pend | blank | 0.00% |
STUDENTS.EnrollmentType | blank | 0.00% |
STUDENTS.FedRaceDecline | blank | 0.00% |
STUDENTS.Fee_Exemption_Status | blank | 0.00% |
STUDENTS.FullTimeEquiv_obsolete | blank | 0.00% |
STUDENTS.GPEntryYear | blank | 0.00% |
STUDENTS.Graduated_Rank | blank | 0.00% |
STUDENTS.GuardianFax | blank | 0.00% |
STUDENTS.House | blank | 0.00% |
STUDENTS.LastMeal | blank | 0.00% |
STUDENTS.Phone_ID | blank | 0.00% |
STUDENTS.PL_Language | blank | 0.00% |
STUDENTS.Sched_NextYearBus | blank | 0.00% |
STUDENTS.Sched_NextYearHouse | blank | 0.00% |
STUDENTS.Sched_NextYearTeam | blank | 0.00% |
STUDENTS.SDataRN | blank | 0.00% |
STUDENTS.Simple_GPA | blank | 0.00% |
STUDENTS.Simple_PCT | blank | 0.00% |
STUDENTS.Student_Web_Password | blank | 0.00% |
STUDENTS.SummerSchoolID | blank | 0.00% |
STUDENTS.TeacherGroupID | blank | 0.00% |
STUDENTS.Web_Password | blank | 0.00% |
STUDENTS.Withdrawal_Reason_Code | blank | 0.00% |
STUDENTS.WM_Address | blank | 0.00% |
STUDENTS.WM_CreateDate | blank | 0.00% |
STUDENTS.WM_CreateTime | blank | 0.00% |
STUDENTS.WM_Password | blank | 0.00% |
STUDENTS.WM_Status | blank | 0.00% |
STUDENTS.WM_StatusDate | blank | 0.00% |
STUDENTS.WM_TA_Date | blank | 0.00% |
STUDENTS.WM_TA_Flag | blank | 0.00% |
STUDENTS.WM_Tier | blank | 0.00% |
PowerSchool Data Field Name | Field Description | Percentage of breached records containing data in this field |
TEACHERS.ID | Unique identifier for each record. | 100.00% |
TEACHERS.dcid | Internal database identifier for the record. | 100.00% |
TEACHERS.DefaultStudScrn | Default screen displayed for students. | 100.00% |
TEACHERS.First_Name | User's first name. | 100.00% |
TEACHERS.GradebookType | Type of gradebook assigned to the user. | 100.00% |
TEACHERS.Group | Group or category the user belongs to. | 100.00% |
TEACHERS.Last_Name | User's last name. | 100.00% |
TEACHERS.LastFirst | User's name displayed as last name, first name. | 100.00% |
TEACHERS.Sched_IsTeacherFree | Indicates if the teacher is free during scheduling. | 100.00% |
TEACHERS.Sched_Lunch | Scheduled lunch period. | 100.00% |
TEACHERS.Sched_Scheduled | Indicates if the schedule is finalized. | 100.00% |
TEACHERS.Sched_Substitute | Indicates if the user is a substitute teacher. | 100.00% |
TEACHERS.Sched_TeacherMoreOneSchool | Indicates if the teacher works at multiple schools. | 100.00% |
TEACHERS.Sched_UseBuilding | Indicates if building-specific scheduling is used. | 100.00% |
TEACHERS.Sched_UseHouse | Indicates if house-specific scheduling is used. | 100.00% |
TEACHERS.StaffPers_guid | Unique identifier for staff personnel. | 100.00% |
TEACHERS.TeacherNumber | Unique identifier for teachers. | 100.00% |
TEACHERS.Users_DCID | Unique identifier for users in the database. | 100.00% |
TEACHERS.Status | Current status of the user's account (e.g., active, inactive). | 99.37% |
TEACHERS.Email_Addr | User's email address. | 98.45% |
TEACHERS.StaffStatus | Employment status of the staff member (0-4) | 89.02% |
TEACHERS.HomeSchoolId | Identifier for the user's home school. | 88.98% |
TEACHERS.SIF_StatePrid | State-provided unique identifier. | 86.06% |
TEACHERS.SchoolID | Identifier for the school. | 85.09% |
TEACHERS.Home_Phone | User's home phone number. | 80.09% |
TEACHERS.NameAsImported | Name as originally imported into the system. | 77.27% |
TEACHERS.PSAccess | Access permissions for PowerSchool. | 74.84% |
TEACHERS.PTAccess | Access permissions for parent/teacher portals. | 73.24% |
TEACHERS.TeacherLoginID | Login ID for the teacher. | 64.06% |
TEACHERS.Ethnicity | User's self-reported ethnicity (1 letter) | 63.72% |
TEACHERS.Photo | 0 or 1 | 54.78% |
TEACHERS.Title | User's title or position. | 48.28% |
TEACHERS.Middle_Name | User's middle name. | 45.75% |
TEACHERS.CanChangeSchool | Indicates if the user can switch between schools in the system. | 44.68% |
TEACHERS.Log | Log of the user's activities or changes. | 42.25% |
TEACHERS.LoginID | User's unique login ID. | 39.44% |
TEACHERS.Homeroom | User's assigned homeroom. | 30.84% |
TEACHERS.Sched_MaximumConsecutive | Maximum consecutive periods allowed. | 21.18% |
TEACHERS.Lunch_ID | Identifier for the user's lunch account - 6 digit code | 15.64% |
TEACHERS.Sched_Classroom | Assigned classroom for the user. | 14.96% |
TEACHERS.Sched_Department | Department associated with the user's schedule. | 13.16% |
TEACHERS.Sched_MaximumFree | Maximum free periods allowed. | 12.68% |
TEACHERS.Street | User's street address. | 11.07% |
TEACHERS.City | City where the user resides. | 11.02% |
TEACHERS.State | State where the user resides. | 11.02% |
TEACHERS.Zip | User's ZIP code. | 10.98% |
TEACHERS.Maximum_Load | Maximum workload or number of assignments for the user. | 7.92% |
TEACHERS.HomePage | User's default homepage in the system. | 4.95% |
TEACHERS.PreferredName | User's preferred name. | 3.64% |
TEACHERS.FedEthnicity | 0 or 1 | 2.77% |
TEACHERS.School_Phone | Phone number for the user's school. | 0.15% |
TEACHERS.Sched_Team | Team assignment for the user. | 0.05% |
TEACHERS.TeacherLoginPW | blank | 0.00% |
TEACHERS.Password | blank | 0.00% |
TEACHERS.Access | blank | 0.00% |
TEACHERS.AdminLDAPEnabled | blank | 0.00% |
TEACHERS.AllowLoginEnd | blank | 0.00% |
TEACHERS.AllowLoginStart | blank | 0.00% |
TEACHERS.Balance1 | blank | 0.00% |
TEACHERS.Balance2 | blank | 0.00% |
TEACHERS.Balance3 | blank | 0.00% |
TEACHERS.Balance4 | blank | 0.00% |
TEACHERS.Classpua | blank | 0.00% |
TEACHERS.FedRaceDecline | blank | 0.00% |
TEACHERS.IPAddrRestrict | blank | 0.00% |
TEACHERS.LastMeal | blank | 0.00% |
TEACHERS.NoOfCurClasses | blank | 0.00% |
TEACHERS.Notes | blank | 0.00% |
TEACHERS.NumLogins | blank | 0.00% |
TEACHERS.PeriodsAvail | blank | 0.00% |
TEACHERS.PowerGradePW | blank | 0.00% |
TEACHERS.PrefixCodesetID | blank | 0.00% |
TEACHERS.Sched_ActivityStatusCode | blank | 0.00% |
TEACHERS.Sched_BuildingCode | blank | 0.00% |
TEACHERS.Sched_Gender | blank | 0.00% |
TEACHERS.Sched_Homeroom | blank | 0.00% |
TEACHERS.Sched_HouseCode | blank | 0.00% |
TEACHERS.Sched_MaximumCourses | blank | 0.00% |
TEACHERS.Sched_MaximumDuty | blank | 0.00% |
TEACHERS.Sched_MaxPers | blank | 0.00% |
TEACHERS.Sched_MaxPreps | blank | 0.00% |
TEACHERS.Sched_PrimarySchoolCode | blank | 0.00% |
TEACHERS.Sched_TotalCourses | blank | 0.00% |
TEACHERS.SSN | blank | 0.00% |
TEACHERS.supportContact | blank | 0.00% |
TEACHERS.TeacherLDAPEnabled | blank | 0.00% |
TEACHERS.TeacherLoginIP | blank | 0.00% |
TEACHERS.WM_Address | blank | 0.00% |
TEACHERS.WM_Alias | blank | 0.00% |
TEACHERS.WM_CreateDate | blank | 0.00% |
TEACHERS.WM_CreateTime | blank | 0.00% |
TEACHERS.WM_Exclude | blank | 0.00% |
TEACHERS.WM_Password | blank | 0.00% |
TEACHERS.WM_Status | blank | 0.00% |
TEACHERS.WM_StatusDate | blank | 0.00% |
TEACHERS.WM_TA_Date | blank | 0.00% |
TEACHERS.WM_TA_Flag | blank | 0.00% |
TEACHERS.WM_Tier | blank | 0.00% |
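
The "percentage of breached records containing data in this field" column above can be reproduced from any copy of an exported table. The following is an added example, not the district's or PowerSchool's code: the sample rows are constructed, the column names are taken from the Student Data Table, and the choice of which fields trigger individual follow-up is an assumption.

```python
import csv
import io

# Constructed sample export; column names come from the page's Student Data Table.
SAMPLE_EXPORT = """STUDENTS.ID,STUDENTS.First_Name,STUDENTS.Alert_Medical,STUDENTS.SSN,STUDENTS.Web_Password
1001,Ada,Peanut allergy,,
1002,Ben,,,
1003,Cy, ,000-00-0000,
1004,,,,
"""

# Assumption: fields whose presence warrants contacting the person directly.
INDIVIDUAL_NOTICE_FIELDS = ("STUDENTS.SSN", "STUDENTS.Alert_Guardian")


def is_populated(value):
    """A cell counts as data only if it holds something besides whitespace."""
    return value is not None and value.strip() != ""


def field_population(csv_text):
    """Return (record_count, [(field, percent_populated), ...]) sorted high to low."""
    reader = csv.DictReader(io.StringIO(csv_text))
    fields = reader.fieldnames or []
    counts = dict.fromkeys(fields, 0)
    total = 0
    for row in reader:
        total += 1
        for name in fields:
            if is_populated(row.get(name)):
                counts[name] += 1
    report = [
        (name, round(100.0 * counts[name] / total, 2) if total else 0.0)
        for name in fields
    ]
    report.sort(key=lambda item: (-item[1], item[0]))
    return total, report


def records_needing_individual_notice(csv_text, id_field="STUDENTS.ID",
                                      fields=INDIVIDUAL_NOTICE_FIELDS):
    """Map record ID -> high-sensitivity fields that actually held data."""
    hits = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        exposed = [f for f in fields if is_populated(row.get(f))]
        if exposed:
            hits[row[id_field]] = exposed
    return hits


if __name__ == "__main__":
    total, report = field_population(SAMPLE_EXPORT)
    for name, pct in report:
        print(f"{name} | {pct:.2f}% |")
    print(records_needing_individual_notice(SAMPLE_EXPORT))
```

Counting whitespace-only cells as blank matters for password and SSN columns, where a 0.00% result is only meaningful if stray spaces are not mistaken for data.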