THUNDER BAY — The Lakehead District and Thunder Bay Catholic District School Boards have confirmed the categories of information that were and weren’t impacted as part of a breach of an application used by many school boards across North America.
On Jan. 7, multiple school boards in Northwestern Ontario who use the PowerSchool app for things like enrollment and attendance, were advised that the company had suffered a data breach. Friday afternoon, in notices to families, which were also posted on their websites, the English public and Catholic boards said they had more information, after working with PowerSchool.
The boards said the following information for students who have been enrolled since the 2015-16 school year, as well as a small number of students who have taken eLearning courses offered by the boards, was compromised:
- Name;
- Gender;
- Date of birth;
- Ontario education number and student number;
- Home and/or mailing address;
- Most recent school enrolled;
- Most recent homeroom class name;
- Enrollment arrival and departure dates, as well as expected graduation dates;
- Doctor’s name and phone number.
The public board said, on top of those categories, guardian and emergency contact names and phone numbers were impacted; the Catholic board said, additionally, home phone numbers and the initial schools students were enrolled in were affected.
For some other students, the notices continued, other data, such as medical alert notes, guardianship notes related to custodial arrangements, and notes regarding reasons for school transfers, was also impacted. The Catholic board added that guardian email addresses, notes related to discipline, emergency contact names and phone numbers, and parent names were impacted for some students only.
The boards said that data like financial information, health assessment information, medical records, and student academic grades was not impacted. Neither, according to the notices, was medical information specifically submitted to the boards’ psychologists, occupational therapists, physiotherapists, audiologists, speech-language pathologists, and social workers.
The public board said that information around individual education plans was not affected, while the Catholic board’s notice said in less than five per cent of cases, the “other notes” field was impacted, which included references to IEPs. “It is important to note that this reference did not impact all students with an IEP and that the IEPs themselves were not impacted,” the Catholic board’s notice said.
The Lakehead and Catholic boards have posted frequently asked questions sections on their sites, and shared one from PowerSchool as well.
The provincial privacy commissioner was notified, the board said, and is investigating.
Concerned families can contact dedicated email addresses at [email protected] for the public board, and [email protected] for the Catholic board.
