This week the district learned that on December 28, 2024, PowerSchool, the provider of our student information system, became aware of a cybersecurity incident.  This incident involved unauthorized access to certain information through one of its customer support portals, PowerSource. Over the following days, PowerSchool’s investigation determined that an unauthorized party from an IP address outside the United States gained access to certain PowerSchool Student Information System data using a compromised login. The compromised account, which has since been deactivated by PowerSchool, was used to access all production and non-production servers via the PowerSchool API. 

The breach compromised PowerSchool servers across the state of Texas, the United States and Canada. Tornillo ISD was impacted by the security breach. We know that data from the Student and Teacher tables were exported. Tornillo ISD may not be using all of the fields listed on these two websites. More detailed information will be provided as soon as it becomes available.

PowerSchool has engaged the services of CyberSteward, a professional advisor with deep experience in negotiating with perpetrators. With their guidance, PowerSchool has received reasonable assurances and video confirmation from the perpetrator that the data has been deleted and that no additional copies exist. They do not anticipate the data being shared or made public, and they believe it has been deleted without any further replication or dissemination. PowerSchool is reviewing current security practices and implementing further protocols to prevent this type of incident from happening again.

Currently there is no action necessary on your part. As we continue to learn more about PowerSchool’s investigation and response to the incident we will continue to provide updates on our website.