Data breach affects New Trier, local grammar schools
The records of thousands of current and former local students were illegally accessed in December through a common student information system, PowerSchool, according to email messages from impacted districts.
Among the local schools impacted are: New Trier High School and schools in Wilmette District 39, Winnetka District 36, Sunset Ridge District 28 and Avoca District 37. North Shore District 112 and Glencoe District 35 do not use PowerSchool.
In a message sent to district families, New Trier Chief Technology Officer Michael Marassa wrote that information related to approximately 35,000 current and former New Trier students was involved in the data breach.
Marassa’s email explains that PowerSchool, which works with 18,000 schools across the globe, discovered on Dec. 28 that a hacker leveraged the account of a PowerSchool technical-support staffer to access the records between Dec. 19-24.
“We are extremely disappointed in this security lapse and are in constant communication with PowerSchool to understand how this could have happened and what they are doing to prevent future incidents,” Marassa’s email reads.
The compromised information reportedly includes student names, school IDs, addresses, birth dates, and emergency-contact information; however, it does not include GPAs, medical information, email addresses and financial information. Social security numbers also were not involved in the breach, except for a “limited number” of students who attended New Trier prior to 2017. New Trier officials reportedly are working with PowerSchool to contact those individuals separately.
According to New Trier’s email, PowerSchool informed involved districts that it believes the accessed information has been deleted without being shared or made public. PowerSchool reportedly has contracted a cybersecurity firm, CrowdStrike, to investigate the breach, and an analysis of the breach is expected by Friday, Jan. 17.
New Trier and other impacted local districts reportedly are reviewing internal data-protection policies and tools.
“We are collaborating closely with other impacted school districts and leveraging our membership in both statewide and national educational technology organizations to ensure we have taken every possible step in responding to the data breach,” Marassa wrote in his email. “We know that incidents like these are upsetting, and we share your concern. Please know that we are doing everything we can to prevent these types of incidents in the future.”
The Record is a nonprofit, nonpartisan community newsroom that relies on reader support to fuel its independent local journalism.
Subscribe to The Record to fund responsible news coverage for your community.
Already a subscriber? You can make a tax-deductible donation at any time.
Joe Coughlin
Joe Coughlin is a co-founder and the editor in chief of The Record. He leads investigative reporting and reports on anything else needed. Joe has been recognized for his investigative reporting and sports reporting, feature writing and photojournalism. Follow Joe on Twitter @joec2319