May 29, 2025
Dear Former Border Land School Division Community Members,
As you may know, PowerSchool, a Student Information Systems (SIS) provider, recently experienced a cybersecurity incident. Like many school institutions across North America, we use PowerSchool for our SIS and thus were informed by PowerSchool that information stored by the Border Land School Division in our SIS was involved in the incident. This includes personal information of students, parents/guardians, and educators. We have written to our community about this incident many times previously (click
here to see that communication).
This communication is intended for those who have not seen our previous communications. If you have seen our previous communications, you do not need to read this.
Parents/guardians, and educators whose information was involved in the incident. We understand from PowerSchool that the email was sent from one of the following similar email addresses:
[email protected];
[email protected]; or
[email protected].
If you received an email from any one of these email addresses with the subject line “PowerSchool Cybersecurity Incident”, we have been assured by PowerSchool that it is a legitimate email. The email includes information about how to activate 2 years of identity protection and/or credit monitoring services offered.
Whether or not you received the email from PowerSchool, you may also visit PowerSchool’s website to learn how to activate the identity protection and/or credit monitoring services. For those able to utilize credit monitoring services (anyone age 18 and over), you will be prompted to validate before activating by entering your name and date of birth. Anyone, including those under 18, can utilize the identity protection services.
PowerSchool has advised that you can call 833-918-7884 if you have any questions.
Please review the email from PowerSchool carefully. It includes details about the incident and the information identified by PowerSchool as involved. In the email, PowerSchool explains that, on December 28, 2024, it became aware that it experienced a cybersecurity incident involving unauthorized access to and exfiltration (acquisition) of certain personal information from PowerSchool SIS environments. This occurred between December 19 and December 28, 2024. PowerSchool also advised us that it has taken steps to try to prevent the information involved from further unauthorized access or misuse.
You will see that PowerSchool includes in the email a description of some of the information that was potentially involved in the incident. The information involved varies by person.
For students, the information involved will generally be limited to information parents/guardians provided Border Land School Division upon registration of their child as a student or any subsequent updates to that information. For many students, the information involved was name, date of birth, gender, doctor’s name, MET number, and/or enrolment/registration records as well as the parent/guardian’s name and contact information.
For a small number of students, there was also relevant medical information (e.g., allergies) and/or relevant alerts (e.g., related to discipline, guardian, custody, or other issues).
For staff, the information involved was name, phone number, address, and/or Professional School Personnel number.
The email from PowerSchool also refers to the Social Insurance Number (SIN) as potentially involved. If your SIN was among the small numbers stored in our SIS, we previously emailed you about this on January 29, 2025.
If you did not receive this email from us, then your SIN was not stored in our SIS and is NOT involved in the incident – the email from PowerSchool should thus say there is no evidence your SIN was involved.
Based on our own investigation of the information stored in our SIS,
no parent/guardian, staff, or student banking or credit card information was stored in our SIS, and thus such information was NOT involved in the incident.”
When we learned of the incident, we conducted an investigation with the assistance of experts and worked diligently to request details from PowerSchool. We also worked with other school divisions in Manitoba that are similarly impacted. We have been assured by PowerSchool that the incident has been contained. We took steps to confirm there was no ongoing threat and to reduce the risk of a similar future threat, including by confirming that PowerSchool: engaged its cybersecurity response protocols, engaged a cybersecurity expert to conduct a forensic investigation, deactivated a compromised account, conducted a full password reset, initiated enhanced processes for access, further strengthened password policies and controls, and notified law enforcement. We have also informed the Manitoba Ombudsman of the incident and have included additional information you can review by clicking
“Steps You Can Take to Help Protect Personal Information”.
Please find answers to some questions you may have by clicking
here . If you have any additional questions, they can be directed to the Border Land School Division using this
link.
In the Border Land School Division, we take cybersecurity and protecting information seriously. We sincerely regret that this incident occurred and thank you for your understanding.
Yours sincerely
Superintendent, Border Land School Division