Rocky View Schools has provided another update about the PowerSchool Data Breach and has shared that PowerSchool has released its third-party Investigation Report prepared by CrowdStrike.

According to the report, on December 28, PowerSchool identified suspicious activity using credentials belonging to a support user (compromised support credentials) in their PowerSchool Student Information System.

“On December 29, CrowdStrike Services was engaged to provide investigative services and to assess the scope and extent of unauthorized third party (“Threat Actor”) activity in the PowerSchool environment. CrowdStrike’s investigation began on December 29, 2024, and concluded on February 17, 2025.”

Below is a summary of the key insights from CrowdStrike’s analysis of the available data:


The earliest evidence of unauthorized activity attributable to the Threat Actor within the PowerSchool environment occurred on December 19, 2024.
The Threat Actor performed Maintenance Remote Support operations in PowerSource to gain access to PowerSchool customers’ Student Information System (SIS) data.
The Threat Actor exfiltrated data from the PowerSchool SIS instances of PowerSchool customers.
CrowdStrike found no evidence of access or escalation of privilege by the Threat Actor to any PowerSchool systems beyond application-level access via the web-based interface.
CrowdStrike identified earlier evidence of unauthorized activity in the PowerSchool environment associated with the compromised support credentials between August 16, 2024 and September 17, 2024.
The most recent evidence of Threat Actor activity in the Customer environment occurred on December 28.
CrowdStrike’s dark web monitoring did not identify exfiltrated data for sale related to this incident.

For more details and the full report, click HERE.

The breach primarily involved contact information for current and former parents, students, and staff. Not all individuals had all fields entered into the system, but the accessed data for students included:


Student ID numbers and encrypted passwords;
First and last names;
Dates of birth, gender, and home address information.

Some parent and guardian contact details were also accessed, including:


Emergency contact names and phone numbers;
Doctor names and phone numbers.

Additional data provided by parents to support student learning may have been accessed. This includes:


Medical details;
Custody and court order arrangements;
Coding and programming information.

Staff information that was accessed included:


First and last names;
Position titles and school codes;
Contact information, including home addresses, RVS email addresses, and RVS login IDs;
Older encrypted passwords that are no longer in use.

As a precaution, RVS advises workers and families to update their passwords on a frequent basis and to be on the lookout for any phishing scams. Additionally, PowerSchool informed families that it will never get in touch with people directly to ask for account or personal information.

Sign up to get the latest local news headlines delivered directly to your inbox every afternoon. 

Send your news tips, story ideas, pictures, and videos to news@discoverairdrie.com. You can also message and follow us on Twitter: @AIR1061FM. 

DiscoverAirdrie encourages you to get your news directly from your trusted source by bookmarking this page and downloading the DiscoverAirdrie app.

There is content being displayed here that your browser doesnt support.
Please click here to attempt to view the information in a separate browser window.
Thanks for your patience!

There is content being displayed here that your browser doesnt support.
Please click here to attempt to view the information in a separate browser window.
Thanks for your patience!