Dear CASD Families, Faculty, and Staff,
We understand that Power School may have recently contacted you about the security breach in late December. We are resharing the information from our January correspondence for your reference. Nothing has changed for the families, faculty, and/or staff of CASD since the time of that previous email. As of February 15, 2025, CASD has received no new updates from PowerSchool. With that said, should the district receive any correspondence, we will be sure to share with you. Remember there is an email link below if you would like specific information regarding you or your student.
Sincerely,
Colleen M. Friend, Ed.D.
Superintendent
Carlisle Area School District
-------------------------------------------------------------------------
Dear CASD Families, Faculty, and Staff,
I am writing to share with you that unfortunately, Carlisle Area School District is one of thousands of school districts nationwide that has been impacted by a cybersecurity breach of a nationwide software company called PowerSchool. PowerSchool provides software that many public-school districts, including Carlisle, use to store and manage student information.
We know that any exposure of personal data is extremely concerning, and we are working with PowerSchool to try to fully determine what data was involved. We are closely following this and will update you as soon as we have more information.
Here is what we know at this time:
Student data that was potentially accessed during this breach, includes:
- Student names and email addresses
- Student medical information including physician’s name, physician’s phone number, and medical alert information.
- No student social security numbers were compromised.
Employee data that was potentially accessed during the breach includes:
- Only one former employee’s social security number was compromised, and that individual is being contacted directly.
Other Information:
- PowerSchool has confirmed the incident has been contained, with no evidence of malware or ongoing unauthorized activity. PowerSchool has deactivated the compromised credential that had been used to access its system, reset all passwords, and strengthened access controls for the affected portal.
- PowerSchool has stated that they do not anticipate the data that was compromised being shared or made public, and they believe it has been deleted. Certainly, we understand it may be difficult to feel confident that your information is safe, and we will continue to work with PowerSchool to get additional information.
- The breach is contained to a limited portion of our Student Information System, and no other PowerSchool-hosted services were affected.
- Law enforcement and third-party cybersecurity experts are investigating.
- Hosting student data off site is recommended by most technology experts due to the ability to provide back-ups and address network security. It is very unfortunate that a major, nationwide company trusted by thousands of school districts was compromised.
- We have no indication that passwords have been compromised but periodically changing passwords on your accounts and not using the same password with multiple accounts is recommended by security experts.
We will continue to provide updates as we gather more information about the breach. Thank you for your patience as we work to address this situation. If you have specific questions regarding your student(s) and the PowerSchool breach, please email the district at [email protected].
Please rest assured that the security and privacy of our students, staff, and community remain our highest priority and this is not an issue we take lightly.
Sincerely,
Colleen M. Friend, Ed.D.
Superintendent
Carlisle Area School District