St. Thomas More Collegiate (STMC) takes the privacy and security of our students and staff seriously. The purpose of this notice is to update STMC community regarding the cybersecurity incident involving PowerSchool, the software vendor that provides our Student Information System (SIS). More specifically, this notice aims to inform individuals about the potential impact on their personal information, the actions they can take to protect their data, and the measures that have been implemented to safeguard it.
What happened, and what steps have been taken?
On January 7, 2025, STMC was informed by PowerSchool of a cybersecurity incident that occurred between December 21 and December 28, 2024, involving unauthorized access to certain data of PowerSchool SIS – a platform we, and many other schools in North America use to store student and staff information. Unfortunately, PowerSchool has confirmed that this data includes personal information pertaining to some of our students and staff.
Although the breach did not originate from STMC, upon learning of the incident, we promptly activated our response plan, taking immediate steps to ensure that our critical systems remained operational.
Additionally, PowerSchool has assured us that they have strengthened their security measures and confirmed that the incident has been contained, with no evidence of malware or ongoing unauthorized activity within their environment.
Protecting our students and teachers remains a top priority at STMC. As such, STMC is working diligently to ensure that all necessary protections are in place.
What personal information has been impacted?
Working with STMC, PowerSchool has conducted a thorough investigation to understand the nature of the incident and the scope of personal information that may have been impacted. We can now confirm that the compromised personal information is restricted to the following:
| Current and Former Students | Applicants | Staff |
| · Full name;
· Gender; · Date of birth; · BC Personal Education Number; · Enrollment, graduation, and school exit dates; · Parent and alternate contact information; · Doctor and dentist contact information; In some cases: · Medical Alert details. · Existence of an IEP and/or learning accomodations |
· Full name;
· Gender; · Date of birth; · Enrollment and school exit dates; · Parent and alternate contact information;
|
· First and last name
· STMC login name · Subject area · STMC email address · Home address and phone number |
Please note that the list of impacted information above includes all potential categories of data that may have been compromised during the incident. Not all this information applies to every individual. For some individuals, only a subset of these details was affected, based on the information we had on record for them.
Fortunately, no other student information like financial data and academic records has been compromised.
What comes next?
PowerSchool has informed us that they have taken all necessary measures to prevent any further unauthorized access or misuse of the impacted personal information. They are confident that the data accessed by an unauthorized user has since been deleted and that no copies of this data were posted online.
Additionally, PowerSchool has recently informed us that they will be implementing further measures in response to this incident. Please note that these actions are being taken independently of STMC. Below are the details provided to us by PowerSchool:
- Identity Protection and Credit Monitoring Services: PowerSchool has engaged TransUnion and Experian, trusted credit reporting agencies, to offer two years of complimentary identity protection services for all students and staff whose information from our PowerSchool SIS was involved. This offer will also include two years of complimentary credit monitoring services for all students and staff whose information was involved and who have reached the age of majority. The offered credit monitoring services, which will be available for those who have reached the age of majority, will be provided by TransUnion; the offered identity protection services, which will be available for all involved students and staff, will be provided by Experian. Credit monitoring is being provided by TransUnion because Experian does not offer credit monitoring in Canada.
- Notification to Individuals Involved: In collaboration with TransUnion and Experian, PowerSchool will provide notice to students, parents/guardians and staff (as applicable) whose information was involved, as well as a phone number to answer any questions you may have about the incident. The notice will include the identity protection and credit monitoring services offer (as applicable).
STMC encourages you to visit https://www.powerschool.com/security/sis-incident/ for up-to-date information on the incident.
What can you do?
- If applicable, enroll in the identity protection and credit monitoring services that will be offered to you by PowerSchool.
- If you receive emails, letters, phone calls or text messages purporting to be from us asking for financial or any other personal information that you were not expecting, please consider the communication to be fraudulent, and contact us to confirm its authenticity.
- Remain vigilant of any phishing or spoofing attempts. Spoofing is an impersonation tactic used in phishing campaigns to deceive individuals into thinking that a communication, either a letter or email, came from a trusted source and to leverage that to obtain further information or defraud the recipient.
- Avoid clicking on links or downloading attachments from suspicious emails.
Additional tips and resources for protecting your identity are available at: https://www.priv.gc.ca/en/privacy-topics/identities/identity-theft/guide_idt/.
For more information
If you have any questions or concerns regarding the incident, please contact us at .
Thank you for your understanding.
