
The PowerSchool breach that is giving school districts throughout the U.S. major headaches also affected school districts in Canada. The Toronto Star reports:
Toronto’s public school board says personal information of its students dating back to 1985 may have been breached during a recent cybersecurity incident that affected many districts across North America.
… The type of information that may have been compromised depends on when someone was a TDSB student. For instance, students between September 2017 and Dec. 28, 2024, may have experienced a breach of information that includes their name, date of birth, gender, health card number, home address and phone numbers, residency status and medical information about things such as allergies, conditions and injuries. Information about their emergency contacts may also have been affected.
….
Historical information — stored in case former students request records or transcripts — may also have been breached. For those who attended the TDSB between September 1985 and August 2017, this includes name, date of birth, gender, health card number, home address and phone numbers.
Read more at Toronto Star.
While a bright light will continue to be shined on PowerSchool, maybe some Canadian will ask TDSB why they had so much old data still connected to the internet instead of segmented and encrypted. The breach is undoubtedly PowerSchool’s fault and responsibility, but could the district have protected student data better? Hopefully the privacy commissioner will look at that, too.
The breach also affected current and former TDSB teachers, as a notice posted today on the district’s website confirmed.
