Data Security Incident 1/7/25

** Update 2/12/25 **

On January 14, 2025, you received an email from the District with information about a cybersecurity incident that occurred on December 22, 2024, involving unauthorized access to specific student and staff information maintained in the PowerSchool Student Information System. As was shared previously, no social security numbers are stored in HCSD’s PowerSchool Student Information System and no student or staff social security numbers were part of this data breach.

The District has been informed that PowerSchool is offering two years of complimentary identity protection services to students and educators whose information was involved.  For adult students and educators, this offer also includes two years of complimentary credit monitoring services.  To access these free services, click here.

We continue to take student and staff privacy and security very seriously and will provide updates from PowerSchool as they become available. If you have any questions, please email the District Data Privacy Officer at dataprivacy@harrisoncsd.org.  

This notification provides additional information regarding the PowerSchool Student Information System breach that occurred on December 22, 2024. PowerSchool is one of the largest student information software providers in the nation, serving 16,000 school districts and 50 million students nationwide. It hosts Harrison’s student information system on off-site servers and is responsible for maintaining its privacy and security.

On Tuesday, January 7, 2025, PowerSchool informed the District that they experienced a cybersecurity incident involving unauthorized access to specific customer data maintained in their Student Information System. PowerSchool confirmed that the data breach included some information associated with Harrison students and staff.  

Following PowerSchool’s notification, the District also completed a forensic review of the data affected by this incident.  The table below indicates the data categories that were and were not included in this cybersecurity incident:

Data Included
in PowerSchool’s Data Breach		 Data NOT Included
in PowerSchool’s Data Breach
  • Student demographic information (name, date of birth, gender, address)
  • Parent and emergency contact information (name, phone number)
  • Student designations for support services (e.g., IEP, 504 Plan, ELL); the breach included only student designation and no other support services information
  • Medical alerts (e.g., allergies, wears glasses, using crutches for two weeks, etc.); the breach did not include any other health records
  • Staff names and email addresses
  • Social security numbers (no social security numbers are stored in PowerSchool)
  • Test scores, grades, or transcripts
  • Attendance records
  • Disciplinary records
  • Special education records (other than designations for support services)
  • Health records (other than medical alerts)
  • Student or family financial information


PowerSchool has assured the District that they have taken appropriate steps to prevent further unauthorized access to or misuse of the data.  PowerSchool does not anticipate the information being shared or made public, and they believe the data has been deleted without further replication or dissemination.  

Since social security numbers are not collected or maintained by the District, they are not implicated in this cybersecurity incident. Therefore, PowerSchool has indicated that credit monitoring services will not be provided.  

If you have any questions, please email the District Data Privacy Officer at dataprivacy@harrisoncsd.org.