PowerSchool hack was a ‘significant breach,’ says N.L. privacy commissioner

Staff Editor 2026-05-12
PowerSchool hack was a ‘significant breach,’ says N.L. privacy commissioner

PowerSchool hack was a ‘significant breach,’ says N.L. privacy commissioner

https://ca.news.yahoo.com/powerschool-hack-significant-breach-says-134909356.html

Publish Date: 2026-05-12 09:49:00

Source Domain: ca.news.yahoo.com

The Newfoundland and Labrador department of education did not have the proper tools in place to monitor the personal information stored by PowerSchool — which led to a massive privacy breach in which anyone who was a student or had a child in school from 1995 and onward had their personal information stolen.

The information of teachers, dating back to 2010, was also vulnerable to hackers.

In Jan. 2025 the provincial education department announced it was notified in late December hackers accessed PowerSchool, data management software used in the province’s K-to-12 school system.

The privacy breach extends beyond Newfoundland and Labrador, as the PowerSchool platform is used in many jurisdictions across North America.

“This was a significant breach that affected hundreds of thousands of people across the province, many of them children,” said Information and Privacy Commissioner Kerry Hatfield in a media release issued Tuesday.

In total, the MCP numbers of 244,917 from student records were accessed, from both current and former students.

However, those numbers should not have been collected in the first place, according to the privacy commissioner’s report.

“The Department’s collection and retention of student MCP numbers was not authorized under the  [Access to Information and Protection of Privacy] Act,” states the overview of the report.

“As a result, the Report recommends that the Department immediately cease collecting this information and permanently remove existing MCP numbers from student records.”

In addition, Hatfield’s report recommends the department of education directly notify a small group of current students who were identified as potentially having Social Insurance Number (SIN) information affected in the breach.

The report states the department took “reasonable steps in its response to the breach,” but noted there are areas for improvement.

The report also cited PowerSchool for “its failure to meet [its] commitments in practice.”

Source

More Stories

Prince Harry Did a Total 180 About His & Meghan Markle’s Kids Privacy

Prince Harry Did a Total 180 About His & Meghan Markle’s Kids Privacy

Staff Editor 2026-06-06
Brave Origin strips AI, Rewards, and VPN for privacy purists

Brave Origin strips AI, Rewards, and VPN for privacy purists

Staff Editor 2026-06-06
X-VPN Announces Successful Completion of Independent No-Logs Audit, Strengthening User Privacy and Transparency

X-VPN Announces Successful Completion of Independent No-Logs Audit, Strengthening User Privacy and Transparency

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy