[Superintendent's Update] Superintendent's Update

Wed Jan 8 23:03:10 UTC 2025

Dear Needham Public Schools Families:

I am writing to let you know that on January 7th the district was informed
by PowerSchool <https://www.powerschool.com/>, our student information
system application, that on December 28, 2024, PowerSchool became aware of
a potential cybersecurity incident involving unauthorized access to certain
information through one of its community-focused customer support portals,
PowerSource. PowerSchool has indicated an unauthorized party gained access
to certain PowerSchool Student Information System (“SIS”) customer data
using a compromised credential, and that District data was accessed.

Specifically, PowerSchool reported that it:

“Believe[s] the export data manager tool was used to extract only student
and teacher tables. These tables primarily include contact information with
data elements such as name and address information. For a subset of the
customers, these tables may also include Social Security Number (SSN),
other Personally Identifiable Information (PII), and some medical and
grades information for current and former students depending on the
specific school district.”

PowerSchool has reported to the District that it “engaged our cybersecurity
response protocols and mobilized a cross-functional response team,
including senior leadership and third-party cybersecurity experts. We have
also informed law enforcement.”  PowerSchool further reported that:
“Importantly, the incident is contained, and we have no evidence of malware
or continued unauthorized activity in the PowerSchool environment.”  It
further stated:  “We have also deactivated the compromised credential and
restricted all access to the affected portal. Lastly, we have conducted a
full password reset and further tightened password and access control for
all PowerSource customer support portal accounts.”  Finally, PowerSchool
has indicated that:  “We do not anticipate the data being shared or made
public, and we believe it has been deleted without any further replication
or dissemination. . . .We have a video confirming deletion and are actively
searching the dark web to confirm.”

The Needham Public Schools has not collected social security information
from staff or families through PowerSchool for many years, but PowerSchool
has indicated that it will be providing credit monitoring to affected
adults and identity protection services to affected minors in accordance
with regulatory and contractual obligations.

The Needham Public Schools does not have direct confirmation that it was
impacted in any way by this breach. We are following up with PowerSchool to
find out more information on how the District may have been affected and
for more details on the incident.  As we receive more information, and as
appropriate, we will relay this to families and the community and to any
specific individuals impacted.  The District is also reviewing what
occurred internally and whether we need to take additional security
measures on our end.
I'll be sure to keep you updated with any relevant and new information.

Thanks,

Dan Gutekanst
Superintendent of Schools
Needham Public Schools
1330 Highland Avenue, Needham, MA 02492
*He/His/Him*
781-455-0400 x11203
dan_gutekanst at needham.k12.ma.us

ATTENTION: If you speak a language other than English, language assistance
services are available to you free of charge. Contact your child’s school
for assistance.

Chinese (Simplified): 请注意：如果您的母语不是英语，我们将免费提供您语言辅助服务。如需协助，请与您孩子 的学校联系。

Spanish: ATENCION: Si usted habla un idioma que no sea el inglés, hay
servicios de asistencia lingüística disponibles gratis. Contacte la escuela
de su hijo para asistencia.

Russian: ВНИМАНИЕ: Если вы не говорите на английском языке, для вас
доступны бесплатные языковые сервисы на вашем языке. Обратитесь за помощью
в школу, в которой учится ваш ребенок.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.needham.k12.ma.us/pipermail/superintendents_update/attachments/20250108/5c5a176e/attachment.htm>