The Department of Education was notified by its student information system provider, PowerSchool, of a recent cybersecurity incident affecting their clients. PowerSchool is a leading provider of cloud-based K-12 education software based in North America, providing these services in over 90 countries and to thousands of students and school organizations. This breach occurred on PowerSchool’s internal systems. The breach has not affected any of Bermuda Public Schools’ other systems or networks. This was an isolated incident specific to PowerSchool's infrastructure. According to PowerSchool, malware was not involved in this incident. PowerSchool has advised the Department that the incident has been contained and that their systems remain secure. 

Here are the key details from PowerSchool:

1. PowerSchool experienced a security breach when an unauthorized party gained access to its systems via a compromised credential. This means an individual’s username and password were used without authorization.
2. The unauthorized access allowed the party to reach the management console of PowerSchool’s PowerSource tool.

The data that may have been compromised includes family and staff contact information such as name and address information. PowerSchool has also indicated that for some individuals across their customer base, some personally identifiable information (PII) such as medical information may have been impacted. They are still investigating whether PII belonging to our students was included.

PowerSchool believes that the compromised data has been deleted and will not be shared publicly. They are actively working to prevent further unauthorized access or misuse of data.

The Department of Education Response:

 In keeping with Bermuda’s privacy laws, the Commissioner of Education, Mrs. Kalmar Richards, has informed the Office of the Privacy Commissioner. Additional information will be provided to the Privacy Commissioner’s Office and our staff and families as it becomes available.

Mrs. Richards said: “We are in close contact with PowerSchool and are actively monitoring the situation. It is worth noting that this breach is on PowerSchool’s International system and has not affected any of the Ministry’s local systems.

"We understand that this incident may raise concerns and appreciate your continued understanding as we work to address this issue. The safety and security of our students' and staffs' data remains a top priority.

 "PowerSchool has informed us that it has contained the breach and is working to prevent any further unauthorized access or misuse of the compromised data. They are taking steps to ensure the data will not be publicly shared. They continue to investigate the incident and will share information as it becomes available.

"Families and staff with any questions or concerns may contact the Office of the Commissioner by emailing coe@moed.bm."