Data from more LI school districts has been compromised in the PowerSchool breach, officials say

At least five additional Long Island school districts were affected by a nationwide data breach from a cloud software provider that potentially exposed personal information of students and staff, district officials said.

Last week, the Glen Cove, Hicksville, Jericho, Lynbrook and West Hempstead school districts alerted their communities to what the company described as a “cyber security incident” on Dec. 28 at PowerSchool, a cloud software company.

The California-based company provides student information services to 18,000 customers and more than 60 million students worldwide, according to its website.

“This incident involved unauthorized access to our SIS (Student Information System) database,” Glen Cove Superintendent Maria L. Rihanna. “Please be assured that no other systems have been affected by this data breach.”

The districts joined the list of schools affected by the breach, which may have affected hundreds across the country. Newsday previously reported that on Long Island, Massapequa, Smithtown Central and Uniondale school districts, as well as Nassau BOCES, were affected by the breach.

PowerSchool is known to store information such as names, addresses, email addresses and transcripts, a school spokesperson said. It could also affect phone numbers and medical records, one district official said.

Software company told Newsday on Sunday that “PowerSchool is not experiencing and does not expect any disruptions and continues to provide services to our customers as usual. We have no evidence that this incident has affected other PowerSchool products.”

An unauthorized party gained access to PowerSchool customer data through compromised employee credentials, the company told school districts.

“We can confirm that the information we accessed belongs to certain (Student Information System) customers and relates to families and teachers, including from your organization,” the company wrote in a letter to the affected school districts. “An unauthorized access point has been isolated on our PowerSource portal. Because the PowerSource portal only provides access to the SIS database, we can confirm that this incident did not affect other PowerSchool products.”

Some districts affected by the breach said they are working with their technology teams and PowerSchool to fix the breach.

“The Hicksville Technology Department has developed plans and procedures to address cyber incidents, including informing the Hicksville community,” Hicksville Superintendent Theodore Fulton said in the letter. “We are committed to transparency and will continue to share information as it becomes available.”

Some districts require students and parents to reset their PowerSchool passwords and be vigilant about suspicious emails.

West Hempstead Superintendent Daniel Rehman said on the district’s website that PowerSchool “revoked the compromised credentials, strengthened password policies and security measures, brought in outside cybersecurity experts, notified law enforcement and continued to investigate evidence of data replication or public distribution.”

Jericho Superintendent Henry Grishman said Monday that the district’s technology department “has put a safeguard in place for any further graduation information through PowerSchool.”

“We have been assured by PowerSchool that the breach has been fixed,” he added.

Lynbrook School officials said in the letter that they have been notified of the breach and will provide an update as they learn more about the incident.

With Joshua Niedelman