On January 7, 2025, Venture Academy was notified of a cybersecurity breach by PowerSchool, the largest provider of K-12 student information education software, that potentially impacted student and staff data. It is apparent that Venture’s students and staff data was accessed by an unauthorized party, although we do not have confirmation from PowerSchool of what exactly was included in the breach. Here’s what we do know:

• On December 28, 2024, PowerSchool became aware of an unathorized party who gained access to PowerSchool’s PowerSource management support site using stolen credentials. 

• The bad actor was able to extract data from schools nationwide using the compromised credentials.

• PowerSchool reports it does not anticipate the data will be shared or made public. They believe it has been deleted without further replication or dissemination and they have video proof of destruction.

• PowerSchool reports the incident is contained and the compromised account was shut off and password reset.

• PowerSchool reports all employee passwords were reset within PowerSource.

• PowerSchool reports that staff and student personally identifiable information (PII) was included in the breach. 

• Although not admitting it was a ransomware attack, PowerSchool paid an undisclosed amount of money for the data to be destroyed in what is considered a data extortion attack.

• PowerSchool reports it continues to investigate the specifics of the breach.

• PowerSchool’s student information system was the only software product affected in the breach.

• For Students: Names, addresses, birthdates, emergency contacts, homeroom teachers, enrollment dates, guardian phone numbers, and three to four individual emergency contacts.

• For Staff: Names, district email addresses, and for a select few, social security numbers.

No. PowerSchool has confirmed that the data was deleted by the threat actor and has not been made public or shared.

A letter was sent home to families on January 10, 2025 in English and Spanish along with social media postings on the same day.

• Families: At this time, no action is required by families.

• Staff: Staff who had social security information (very few) in the system have been notified and provided with information related to credit monitoring.

If this changes, families and staff will be notified with further guidance.

While no misuse has been reported, we recommend monitoring accounts for unusual activity. If misuse is suspected, please contact info@ventureacademies.org