Parent information compromised in Bonneville School District 93 data breach

IDAHO FALLS — Parent contact information for Bonneville Joint School District 93 was accessed in a data breach that impacted school districts nationwide.

The breach happened on Dec. 22. School districts were notified in early January.

The data came from PowerSchool, the software database the school district uses for student information. Many school districts nationwide use PowerSchool for their operations, including several other districts in eastern Idaho. It holds student and parent information, grades, class schedules and more.

Bonneville School District Technology and Safe Schools Director Gordon Howard confirmed the district’s data breach is part of a larger incident. In Bonneville, parent phone numbers, home addresses and email addresses were compromised.

“It’s fortunate that the type of information that was breached was not more sensitive,” Howard said.

Information stolen from other districts included Social Security numbers and grade and medical information, according to a recent article by TechCrunch.

According to TechCrunch, PowerSchool spokesperson Beth Keebler confirmed the data breach happened and how they handled it.

“We have taken all appropriate steps to prevent the data involved from further unauthorized access or misuse,” Keebler said in the article. “The incident is contained and we do not anticipate the data being shared or made public. PowerSchool is not experiencing, nor expects to experience, any operational disruption and continues to provide services as normal to our customers.”

According to Bleeping Computer, PowerSchool told affected users that hackers extorted PowerSchool to pay them to stop the hackers from releasing the data, which they paid. PowerSchool has not released how much money they have paid.

Howard clarifies the servers of the district itself were not hacked. Someone with account credentials at PowerSchool’s corporate level accessed the data.

District 93 reported the breach to state agencies and alerted parents and staff.

“It is important to know that we do not keep any Social Security numbers for students, and Social Security numbers for teachers are only kept in School ERP, our secure employee information system,” Bonneville School District Superintendent Scott Woolstenhulme said in a letter to parents.

Although no passwords were compromised, Howard still recommends changing passwords often, just in case.

“This is the world we live in, and just be precautious,” Howard said. “If they (parents) feel like they need to change passwords on some of their accounts, then by all means, do it. It’s better to be safe than sorry.”