July 22, 2025 – Gatineau, Quebec
PowerSchool has committed to take steps to ensure that the education technology software company’s security measures are appropriately strengthened following a cyberattack that impacted millions of Canadian students, parents, and educators.
The commitments follow an engagement with the Office of the Privacy Commissioner of Canada to ensure that PowerSchool was taking appropriate steps to respond to the breach.
As part of this breach, a hacker obtained data such as names, contact information, dates of birth and, in some cases, medical information and Social Insurance Numbers of current and former students, current and former educators, and parents across several provinces and territories.
PowerSchool took measures to contain the breach, notify affected individuals and organizations and offer credit protection, and has voluntarily committed to additional actions to support its security safeguards. These include strengthened monitoring and detection tools.
In light of the actions that PowerSchool has already implemented, and those that it will implement over the coming months, Privacy Commissioner of Canada Philippe Dufresne has decided to discontinue the investigation that he launched in February but will be monitoring to ensure that all of PowerSchool’s commitments are fully met.
This decision does not affect ongoing investigations by provincial Information and Privacy Commissioners in Ontario and Alberta, who are actively examining the breach from the perspective of the school boards and schools under their respective privacy laws.
Quote
“I welcome PowerSchool’s willingness to engage with my Office to achieve a timely resolution that will result in stronger protections for the personal information of students, parents, and educators across Canada. Federal privacy law requires that organizations protect personal information with security safeguards appropriate to the sensitivity of the information. This is particularly important when dealing with children’s personal information.”
Philippe Dufresne
Privacy Commissioner of Canada