Most Manitoba schools hit in cyberattack Popular American software program hacked Local Journalism Initiative Reporter
By: Maggie Macintosh Posted: 9:50 AM CST Thursday, Jan. 9, 2025 Last Modified: 5:31 PM CST Thursday, Jan. 9, 2025 Updates

Hey there, time traveller!
This article was published 09/01/2025 (258 days ago), so information in it may no longer be current.

The majority of Manitoba school divisions have been impacted by a data breach involving a popular software program used to track student and employee contact information.

More than 20 superintendents have informed families in recent days that PowerSchool — the owner and operator of their shared student-information system — was hacked in late December.

Customers across Canada and the U.S., where PowerSchool’s Folsom, Calif. headquarters are located, have been affected to varying degrees.

The Winkler-based Garden Valley School Division was advised it was not impacted. Others, including Sunrise School Division, were not so lucky.

“We believe that the data accessed included information about students and staff — particularly contact information and other information provided to the division at the time the student was registered, or when staff commenced their employment,” superintendent Trevor Reid wrote in a mass email to families and employees from Oakbank and surrounding communities.

Reid noted the company, not Sunrise in and of itself, was the target of the cyberattack. He also assured students and employees that neither banking data nor student photos appear to have been accessed by hackers.

Ransom fee paid

His letter mirrored ones sent by Louis Riel, River East Transcona, Seine River, Portage la Prairie, Brandon, Mountain View, Hanover, Prairie Spirit, Prairie Rose, Southwest Horizon, Lakeshore, Flin Flon, Beautiful Plains, Swan Valley, Border Land, Western, Kelsey, Frontier and the franco-manitobaine district.

One of the memos indicates PowerSchool paid a ransom fee to delete data that was obtained to keep it from being released.

The company is investigating the incident and announced a “town meeting” for affected divisions. It has also pledged to share a report compiled by CrowdStrike, a cybersecurity technology company, with clients by Jan. 17.

A spokesperson for PowerSchool said emergency response protocols were initiated on Dec. 28 after the discovery of “unauthorized access” to student records via a customer portal.

The company does not expect any disruptions to service as a result of the situation and remains committed to taking its role as a data processor “extremely seriously,” the spokesperson said.

Manitoba administrators have told communities the provider is confident the breached data was deleted and not copied or uploaded elsewhere.

Accounts have been deactivated and there are new, bolstered processes for passwords and access, per the series of letters that appear to have been customized from a generic template.

The situation is unfolding as the Pembina Trails School Division — which was not affected by this cyberattack — works to restore operations after an unauthorized third-party accessed student information and employee payroll details before the winter break.

Related Articles

Canadian school boards among those affected by cyber incident involving third party

MITT set to launch cybersecurity analyst diploma program

Student info breached in Pembina Trails cyberattack, school division confirms

‘It’s affected everything’: cyberattack could impact Pembina Trails report cards, exams Pembina Trails reassures parents after systems hacked U of W dropped ball on cybersecurity: staffer

Province scraps $50-M student database

Canada's privacy czar launches investigation into student information data breach

Hackers put price of $1.6M on student data

Dark web data leak risks could menace city students for decades, cybersecurity experts warn Federal privacy watchdog discontinues investigation into student data breach

The education sector is a common target because of the “large attack surface” of its stakeholders — campuses typically have multiple systems and networks — and their diverse user bases, said Gustavo Valle, director of information security at Exchange Technology Services.

Valle said the rise of remote learning, school budget constraints and the sensitivity and high value of stored data make the entities vulnerable.

“There is no such thing as 100 per cent protection,” he wrote in an email in which he warned against placing blame before any investigation is complete.

At the same time, he said good “information technology hygiene” involves strong and up-to-date password policy and enabling multi-factor authentication.

“Additionally, users must be educated on how to identify attacks and threats to avoid falling for phishing attacks, social engineering, and similar risks,” Valle added.

Sandy Nemeth, president of the Manitoba School Boards Association, confirmed the “vast majority” of the group’s 38 members use PowerSchool as a provider, but she declined to provide further comment.

Automatic switch turned off

The Seine River School Division has published a detailed list of information from schools in Lorette and surrounding communities that may have been compromised, per internal logs.

Superintendent Colin Campbell said student names and corresponding registration numbers, birthdays, grade levels, homerooms, guardian and sibling names, home phone numbers and addresses, as well as family doctor contact information, are all in question.

Employee records containing names, phone numbers, email addresses and both staff identification and school location ID might also have been exported, Campbell said in a mass email.

One IT specialist said he believes his employer was protected from the leak because he had turned off an automatic switch that allowed PowerSchool to enter its network to fix problems upon request. “We got lucky,” said the employee, who was not authorized to speak on the record.

A spokesperson for Manitoba Education said in a statement that divisions are responsible for their own student-information systems and the department is in communication with those affected.

“This is a new world. (The digital realm) is where some of the criminal activity’s going to take place.”–Mike Moroz

For Mike Moroz, inaugural minister of innovation and new technology, every Manitoban has a responsibility to protect online data.

“This is a new world. (The digital realm) is where some of the criminal activity’s going to take place,” Moroz said in an interview Thursday.

The minister said his newly established office is learning from incidents that occur in Manitoba and elsewhere to update protocols, better protect public entities and create best-practice guidelines for the private sector.

The Manitoba Federation of Independent Schools was unaware of any private schools being affected as of Thursday afternoon.

maggie.macintosh@freepress.mb.ca

Winnipeg Free Press | Newsletter

Jen Zoratti | Next

Wednesdays

What's next in arts, life and pop culture.

Sign up for Jen Zoratti | Next

Sign Up

I agree to the Terms and Conditions, Cookie and Privacy Policies, and CASL agreement.

Maggie Macintosh
Education reporter

Maggie Macintosh reports on education for the Free Press. Originally from Hamilton, Ont., she first reported for the Free Press in 2017. Read more about Maggie.

Funding for the Free Press education reporter comes from the Government of Canada through the Local Journalism Initiative.

Every piece of reporting Maggie produces is reviewed by an editing team before it is posted online or published in print — part of the Free Press‘s tradition, since 1872, of producing reliable independent journalism. Read more about Free Press’s history and mandate, and learn how our newsroom operates.