BOZEMAN, Mont. – A recent cybersecurity incident involving the PowerSchool Student Information System (SIS) has affected schools across the United States and Canada, including Bozeman Public Schools.
The breach occurred on December 28, 2024, and was reported to Bozeman Public Schools on January 7. An unauthorized individual gained access to specific SIS customer data through a compromised credential in PowerSchool’s support portal.
The accessed data includes information related to students, families, and educators. This comprises student contact details, mailing addresses, enrollment status, and lunch status. Teacher data related to employment status and work assignments were also impacted.
PowerSchool has taken immediate action by activating its cybersecurity response team, involving law enforcement, and engaging a third-party cybersecurity firm. The compromised credential has been deactivated, and access to the affected portal is now restricted. A third-party incident report is expected by January 17.
PowerSchool has confirmed the deletion of the data from the source of the breach, supported by video evidence. They are actively monitoring the dark web for any potential misuse of the data.
Bozeman Public Schools has launched its data breach protocol and is working closely with PowerSchool to determine the specific data fields compromised. The district has engaged its cybersecurity insurance company for additional expertise and guidance to assess the impact on students, staff, and families.
The Bozeman School District emphasizes its commitment to data security and will continue to provide updates as they receive more information from PowerSchool. Credit monitoring services will be offered to affected adults, and identity protection will be provided for impacted minors.