Several local school districts are potentially compromised in a nationwide security breach

CINCINNATI (WKRC) – Leaders in several local school districts have reported that student information may have been compromised in a nationwide security breach involving software company PowerSchool.

The company, which provides cloud-based student information systems globally, said it became aware of the cybersecurity incident in December and has since notified affected districts. PowerSchool confirmed that unauthorized access was gained to its customer support portals, potentially exposing sensitive information such as social security numbers and medical data.

In a message sent to affected school districts, the company stated:

“We have taken all appropriate steps to prevent further unauthorized access or misuse of the data involved. We do not expect the data to be shared or published, and we believe it has been deleted without further replication or dissemination.”

Local districts including Milford, West Clermont, Indian Hill and St. Henry District High School in northern Kentucky, has been informed of the breach and told by PowerSchool that its data was affected. Milford and West Clermont officials said the districts do not store social security numbers in PowerSchool, but names and addresses can be accessed. Indian Hill reported that the district does not store any personally identifiable information on the site.

Cybersecurity expert Dave Hatter said that even if you’re not initially affected by the breach, you should be aware of scams about it.

“Either the same crooks or other crooks will send phishing emails to people and tell them, ‘Oh, hey, you’ve been breached here. Click this link for help,’ or something like that,” Hatter said. “I would strongly recommend that any emails you get, any texts you get, about this breach, be extremely skeptical and cautious about clicking on the links.”

PowerSchool representatives said the company is equipped to conduct a thorough notification process for all affected, and plans, when necessary, to offer credit monitoring to affected adults and identity protection services to affected students. Notifications to individuals are expected to begin in the coming weeks.

“If you’re in this set of people, (you) want to get some kind of free credit monitoring for at least a year; I strongly encourage you to do that,” Hater said. “I strongly encourage you to consider, especially if you know you have been using the same username and password on multiple accounts, changing your username and password, as painful as that may be.”

Some of the largest districts locally, Cincinnati Public, Kenton County, Mason, Middletown, Franklin, Forest Hills, Oak Hills and Loveland, confirmed PowerSchool is not being used. School leaders at Kings and Southwest Schools said the districts use the PowerSchool software but were not affected by the breach.