Millburn Township Public Schools

Initial Letter Regarding PowerSchool Security Breach - January 8, 2025

Dear Millburn Parents, Guardians, and Staff,

We were informed today that PowerSchool, our Student Information System, had a recent data breach. The breach is estimated to have occurred in late December. 

PowerSchool is a cloud-based software solutions provider for K-12 schools like Millburn that supports over 60 million students and over 18,000 customers worldwide. In response to the cyber attack, the company engaged with third-party cybersecurity experts, including CrowdStrike, to investigate and mitigate the incident. 

The specific details of the data affected are still being determined, but at this time, we know that student and staff names, addresses, emails, grade levels, and other personal information were stored in PowerSchool and may have been compromised. Social security numbers are not stored in this system. PowerSchool has assured us that the incident is contained, and there is no evidence of malware or continued unauthorized activity within the system. The company has publicly reported that it is reasonably confident that the threat actor deleted the stolen data, but there is no 100% guarantee that the data was fully deleted. 

Our Technology Director and the district team are working with PowerSchool to determine the extent of our exposure. We will continue to provide updates as information becomes available from PowerSchool. 

Maintaining the trust and safety of our students, families, and staff is our highest priority. If you have any questions or concerns regarding this matter, please do not hesitate to contact our district office. 

Thank you for your understanding and continued support. 

Sincerely,

Dr. Kate Diskin

Kate Diskin, Ed.D.
Superintendent

Update Regarding Recent PowerSchool Data Breach - January 28, 2025

Dear Millburn Families and Staff, 

As we previously communicated on January 8, 2025, PowerSchool, our student information system (SIS) vendor, recently experienced a cybersecurity incident involving unauthorized access to certain information in their systems nationwide.  As we stated at that time, “PowerSchool has assured us that the incident is contained, and there is no evidence of malware or continued unauthorized activity within the system. The company has publicly reported that it is reasonably confident that the threat actor deleted the stolen data, but there is no 100% guarantee that the data was fully deleted.”

In further efforts to safeguard their clients’ families data, PowerSchool has shared the following information regarding their next steps:

 ● Identity Protection and Credit Monitoring Services: PowerSchool has engaged Experian, a trusted credit reporting agency, to offer two years of complimentary identity protection services for all students, families, and educators whose information from our PowerSchool SIS was involved. This offer will also include two years of complimentary credit monitoring services for all adult students and educators whose information was involved. 

 ● Notification to Individuals: A direct email notification will be distributed by Experian on behalf of PowerSchool in the coming weeks to applicable current and former students (or their parents / guardians as applicable) and educators for whom we have sufficient contact information. PowerSchool will also launch a website and distribute a media release to ensure we reach as many involved individuals as possible and provide them with resources to protect their information. Importantly, these notices will include instructions for involved individuals on how to enroll in the credit monitoring and identity protection services that PowerSchool is offering.

For more information from PowerSchool about this cybersecurity incident, please visit https://www.powerschool.com/security/sis-incident / for their up-to date FAQ.  

Sincerely,

Dr. Kate Diskin

Kate Diskin, Ed.D.
Superintendent