JANUARY 19TH UPDATEThe Department of Education has issued an update regarding the recent international cybersecurity breach involving unauthorised access to the PowerSchool Student Information System (SIS) customer data.Commissioner of Education Kalmar Richards emphasised the seriousness of the situation and the Department's measures."PowerSchool has confirmed that the breach included data from some Bermuda Public Schools families and teachers. The data extracted were in the student and teacher tables. The compromised information primarily consists of parent and student contact details, such as names, students' date of birth, addresses, telephone numbers and email addresses."Additionally, PowerSchool has informed clients that more sensitive personally identifiable information (PII) was also affected for certain individuals. The Department captures PII information in the medical alert field, such as allergies and asthma. Unfortunately, until PowerSchool recovers the Bermuda database logs files covering the period of the breach, we are unable to confirm whether PII specific to Bermuda Public Schools was compromised."Commissioner Richards continued, "We eagerly await a timeline for when we will receive confirmation regarding the impact on our students' PII. Upon receiving the update, the Department of Education will immediately inform affected individuals."Commissioner Richards reassured stakeholders: "Our other cloud-based services, such as Schoology, remain secure and unaffected. Furthermore, we have submitted the Personal Information Notification documents to the Privacy Commissioner and have been fully cooperating with them." "PowerSchool has been a trusted vendor for the Department since 2008, and this marks the first cybersecurity incident under their service. In addition to contact information for teachers and students, the Department utilises PowerSchool SIS tables to capture data on attendance, courses, enrollment history, grades, and behavior incidents. The Department remains committed to ensuring the security of all student and staff data and will take all necessary steps to safeguard any sensitive or personal data."She concluded with a direct line of communication for concerns: "Families and staff with questions or concerns are encouraged to contact the Office of the Commissioner via email at coe@moed.bmTo read PowerSchool's statement on the cyber incident, visit https://www.powerschool.com/security/sis-incident/ JANUARY 10thThe Department of Education was notified by its student information system provider, PowerSchool, of a recent cybersecurity incident affecting their clients. PowerSchool is a leading provider of cloud-based K-12 education software based in North America, providing these services in over 90 countries and to thousands of students and school organizations. This breach occurred on PowerSchool’s internal systems. The breach has not affected any of Bermuda Public Schools’ other systems or networks. This was an isolated incident specific to PowerSchool's infrastructure. According to PowerSchool, malware was not involved in this incident. PowerSchool has advised the Department that the incident has been contained and that their systems remain secure. Here are the key details from PowerSchool: PowerSchool experienced a security breach when an unauthorized party gained access to its systems via a compromised credential. This means an individual’s username and password were used without authorization. The unauthorized access allowed the party to reach the management console of PowerSchool’s PowerSource tool.The data that may have been compromised includes family and staff contact information such as name and address information. PowerSchool has also indicated that for some individuals across their customer base, some personally identifiable information (PII) such as medical information may have been impacted. They are still investigating whether PII belonging to our students was included.PowerSchool believes that the compromised data has been deleted and will not be shared publicly. They are actively working to prevent further unauthorized access or misuse of data. The Department of Education Response:In keeping with Bermuda’s privacy laws, the Commissioner of Education, Mrs. Kalmar Richards, has informed the Office of the Privacy Commissioner. Additional information will be provided to the Privacy Commissioner’s Office and our staff and families as it becomes available.Mrs. Richards said: “We are in close contact with PowerSchool and are actively monitoring the situation. It is worth noting that this breach is on PowerSchool’s International system and has not affected any of the Ministry’s local systems."We understand that this incident may raise concerns and appreciate your continued understanding as we work to address this issue. The safety and security of our students' and staffs' data remains a top priority."PowerSchool has informed us that it has contained the breach and is working to prevent any further unauthorized access or misuse of the compromised data. They are taking steps to ensure the data will not be publicly shared. They continue to investigate the incident and will share information as it becomes available."Families and staff with any questions or concerns may contact the Office of the Commissioner by emailing coe@moed.bm."