Local residents affected by a computer breach of the company that the Baker School District uses to maintain student records will be notified by the company, the school district announced on Wednesday, Feb. 26.

The district learned about the breach of the PowerSchool system, which affected hundreds of school districts across the U.S., in January.

The district notified parents through the Parent Square message system on Jan. 15.

On Wednesday the district announced that PowerSchool will soon email information to people whose records could have been accessed.

“Individuals impacted by the breach will be contacted directly with information from PowerSchool related to credit or identity monitoring,” the school district said.

The notifications will come from Experian in one of these email addresses:

• Ps-sis-incident@mail.csid.com

• Ps-sis-incident@mail1.csid.com

• Ps-sis-incident@mail2.csid.com

The district has used PowerSchool software to maintain student records, including grades, since at least 2016.

Lindsey McDowell, the district’s public information and communications coordinator, said in January that district officials are working with PowerSchool to figure out the types of records that could have been accessed illegally.

“No passwords or financial information was impacted by this incident,” according to the notice the district sent through Parent Square.

The types of records that might have been downloaded include names, student ID numbers, parent/guardian contact information, birthdates, dates of enrollment and reasons for a student leaving school, limited medical alert information such as allergies, and whether a student has an Individual Education Plan to address the students’ particular needs.

“Although PowerSchool has assured us that the risk of data dissemination or misuse is low, we remain vigilant and are leveraging all available resources to thoroughly assess the situation,” the district wrote in the notification through Parent Square.

“We recognize that incidents like this can cause significant concern, as protecting the privacy and security of personal information is a top priority. Please know that we are working with PowerSchool to better understand the scope of the cybersecurity incident and to ensure that appropriate measures are taken to safeguard the information. We will keep you informed of developments as they become available from PowerSchool.”

According to the district, PowerSchool discovered the breach on Dec. 28.

McDowell said she doesn’t know why the company didn’t notify the district until January.

According to the district, someone used the account of a PowerSchool employee to access the data, which allowed “rapid access to and the downloading off millions of records from schools throughout the country between December 19 and December 24, 2024.”

PowerSchool has hired a cybersecurity firm to investigate the breach, according to the district.

“PowerSchool has implemented additional information security best practices requiring updated credentials for all employees, and restricting access to their support system tools,” the district wrote in its notification. “PowerSchool will also provide credit or identity monitoring services to those impacted depending on the nature of the personal information accessed.”

According to PowerSchool, its software is used in districts with a combined enrollment of 50 million students.