Dear Staff,
Further to the information shared on January 8, 2025, we are writing with an update on the cyber incident involving PowerSchool’s Student Information System – the application used by TDSB and many school boards across North America to store certain student information.
If you were a staff member with TDSB between January 1, 2006 and December 28, 2024 and fall into the categories below, this notification applies to you. Please note that we will also be posting this letter on our website to notify TDSB’s former staff members who may be affected.
What Happened?
As you may recall, on Tuesday, January 7, 2025, PowerSchool notified TDSB and other school boards in Ontario and across North America that a PowerSchool system had experienced a data breach between December 22-28, 2024. TDSB’s cybersecurity team promptly activated our response plan, taking immediate steps to ensure that our critical systems remain operational. TDSB can confirm that our environment is secure, and that there is no ongoing unauthorized access to any data, either stored in PowerSchool’s Student Information System or elsewhere.
Who Was Impacted?
We are contacting all current staff members at this time, however only certain staff members who fall within the following categories are impacted by this incident:
- Principals and Vice-Principals
- Teachers
- Classroom support staff (eg. Educational Assistants, Dedicated Early Childhood Educators, Child and Youth Workers, Special Needs Assistants)
- Office Staff (Office Administrators, Assistants, Secretaries)
- Guidance Counsellors
- Superintendents
- Administrative Liaisons
Note that School-Based Safety Monitors, Caretakers and Lunchroom Supervisors were not impacted.
What Information Was Impacted?
While our investigation with PowerSchool continues, we have now confirmed that some staff information stored in PowerSchool’s Student Information System may have been accessed and acquired by an unauthorized user. The information includes the following:
- First, Middle & Last Names
- Employee Number
- TDSB Email Address
In addition to this information, a very limited number (approximately 350) of staff members’ personal phone number or home address was stored in PowerSchool’s Student Information System. Current staff members who are affected will receive a separate notification advising that your personal phone number or home address was impacted.
To be clear, TDSB does not store any Social Insurance Numbers, financial or banking information in the PowerSchool Student Information System, so that information was not affected in any way.
PowerSchool has reported that it received confirmation that the data acquired by the unauthorized user was deleted and that the data was not posted online. Nevertheless, TDSB continues to take this incident very seriously, and is working with PowerSchool to ensure an incident like this does not happen again in the future.
This breach has been reported to the Office of the Information and Privacy Commissioner of Ontario (the IPC) and an investigation file has been opened. While you are entitled to file a complaint, the IPC has advised that it is not necessary as they are already investigating the matter. You can visit the IPC’s website at www.ipc.on.ca.
Where Can I Find the Latest Information?
We will continue to provide additional updates as we receive them. Information on this evolving situation is available here on the TDSB’s website. We also recognize that you may have questions about what has occurred. Should you have any questions, please contact cyberincident@tdsb.on.ca.
Sincerely,
Stacey Zucker
Interim Director of Education