Ann Arbor Public Schools has confirmed that no active student Social Security numbers were compromised following a recent data breach involving PowerSchool, a cloud-based education software provider. The breach, which occurred in late December, involved hackers gaining unauthorized access to PowerSchool’s student information system (SIS) through the vendor’s customer support portals.
The district, along with several other educational institutions across the country, was notified by PowerSchool about the incident in early January. Since then, the district has been actively working to investigate the scope of the breach and reassure families about the safety of their data.
The breach took place on December 28, 2024, when unauthorized individuals accessed PowerSchool’s customer support system, PowerSource. This system is used by school districts across the United States to manage various educational records and data.
Ann Arbor Public Schools (AAPS) was one of the many school districts affected by the breach, though it was not immediately clear what specific data had been accessed or compromised. The district was informed about the breach by PowerSchool early in January, and immediately launched its own investigation to determine the impact on its students and staff.
AAPS Superintendent Jazz Parks promptly notified families about the situation on January 9, 2025, assuring them that the district was looking into the issue.
The notification highlighted that the breach could have affected certain student data, but emphasized that the district was committed to keeping families informed as they worked to determine the full extent of the breach. This message was part of an ongoing effort to ensure transparency and provide families with the most up-to-date information.
By January 31, 2025, the district provided an update through their weekly newsletter, confirming that no student Social Security numbers had been compromised as a result of the breach. This was a key concern for many families, as Social Security numbers are sensitive pieces of personal information that can lead to identity theft if exposed.
According to the district, the data that was potentially affected by the breach included basic student information such as names, contact details, dates of birth, and in some cases, medical alert information. This information is typically used by teachers to ensure the safety and well-being of students in the classroom.
For staff members, the affected data was limited to directory information, which typically includes basic details like names, positions, and contact information. This information is generally available to the public and is not considered as sensitive as student data, though it is still important to protect it.
AAPS spokesperson Andrew Cluley further clarified that the district was reviewing the data to ensure that only the necessary information had been accessed. He assured families that the district was taking all necessary steps to protect the privacy and security of both students and staff members. The district’s ongoing cyber incident response process includes working closely with PowerSchool and other experts to monitor the situation and ensure that there are no additional risks.
PowerSchool, which is the vendor responsible for the breach, responded quickly to the incident. The company reported that the breach only affected their support portal, PowerSource, and that no other PowerSchool products or systems were impacted.
According to PowerSchool, the breach had been contained and there was no evidence of malware or any continued unauthorized activity. They also assured school districts that they were taking steps to prevent such incidents from happening again in the future.
Other school districts in the area that use PowerSchool, such as Saline Area Schools and Dexter Community Schools, confirmed in January that they were not impacted by the breach. This news provided some reassurance to families in neighboring districts, as it indicated that the breach was not widespread across all PowerSchool users in the region.
In response to the breach, PowerSchool has offered two years of complimentary identity protection services for all students and educators whose personal information may have been compromised. These services include credit monitoring and identity theft protection, which are designed to help individuals detect and respond to any potential misuse of their personal information.
In addition to this, PowerSchool has partnered with Experian, a well-known consumer credit reporting agency, to notify affected individuals and assist with the enrollment process for these services.
Experian was expected to send direct email notifications to those affected, providing instructions on how to enroll in the identity protection services. PowerSchool has also set up a toll-free call center, operated by Experian, to address any questions or concerns that families and educators may have.
The phone number for the call center is 833-918-9464, and it is available for those who need additional information or assistance with the identity protection services.
The district emphasized that protecting the personal data of students and staff remains a top priority. AAPS continues to work with PowerSchool and other experts to investigate the breach and strengthen its security measures moving forward. The district is committed to ensuring that all sensitive data remains secure and that families can trust the district with their personal information.
While the breach was concerning, the district’s swift response and transparency in addressing the issue have been important in maintaining the trust of the community. AAPS has assured families that they will continue to provide updates as more information becomes available and that they are taking every possible step to ensure the safety and privacy of students and staff members.
In conclusion, while the PowerSchool breach was a significant cybersecurity incident, the Ann Arbor Public Schools district has made it clear that no active student Social Security numbers were compromised. The district has acted quickly to investigate the breach, reassure families, and offer identity protection services to those affected. With PowerSchool’s cooperation and the continued efforts of AAPS, families can feel confident that the district is doing everything it can to protect their data and prevent future breaches.
Disclaimer: This article has been meticulously fact-checked by our team to ensure accuracy and uphold transparency. We strive to deliver trustworthy and dependable content to our readers.