North Dakota Information Technology (NDIT) is actively working with school districts across the state in response to a data breach involving the PowerSchool Student Information System (SIS). The breach, which stemmed from unauthorized access to PowerSchool’s customer support portal, exposed personal information of students and educators. The personal information exposed varies by individual but includes some combination of the following: the individual’s name, contact information, social security number, date of birth, limited medical alert information, and other related information. NDIT is collaborating with PowerSchool to assess the impact and ensure affected individuals receive necessary support and ongoing credit monitoring resources.
Incident Summary
The incident involved unauthorized exfiltration of personal information from certain PowerSchool Student Information System (SIS) environments through PowerSchool’s customer support portal, PowerSource.
PowerSchool has assured NDIT that the incident has been contained and they worked closely with third-party cybersecurity experts to address the situation.
Since becoming aware of the incident, North Dakota Information Technology (NDIT) has been working closely with PowerSchool and North Dakota school districts to understand the scope of the incident and assist with providing support to those affected.
Notifications and Guidance for Affected Individuals
PowerSchool will be sending notifications directly to affected individuals in stages, including information on credit monitoring and identity protection services. However, students and educators should not rely solely on direct notifications as contact information for affected individuals may be missing or outdated.
For more information, please visit the PowerSchool incident page at https://www.powerschool.com/security/sis-incident/.
NDIT strongly encourages affected individuals to take advantage of the complimentary identity protection services being provided by PowerSchool. The deadline for affected individuals to enroll in credit monitoring or identity protection services offered by PowerSchool is May 30, 2025. (NOTE: PowerSchool will never contact you by phone or email to request your personal or account information.)
Please visit https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/ for more information on how to take advantage of these services.
NDIT also recommends that affected individuals monitor their financial accounts and credit reports regularly for any suspicious activity. Consider placing a credit freeze for affected individuals to prevent new accounts from being opened in your name. You can request a credit freeze by contacting each of the three major credit bureaus: Equifax, Experian, and TransUnion.
Contact Information for Inquiries
If individuals have any questions or concerns regarding PowerSchool’s Notice of Data Breach, a call center has been set up by PowerSchool to handle inquiries.
Please call 833-918-9464, Monday through Friday, 8:00 am through 8:00 pm Central Time (excluding major US holidays) and be prepared to provide the engagement number listed in the applicable enrollment instructions (B138812 or B138813).