Return to Headlines

PowerSchool emails about cybersecurity breach are legitimate

This week, some CCSD 89 families and staff members have started receiving emails from PowerSchool with information about signing up for credit monitoring. This is a follow-up to the cybersecurity breach that occurred at PowerSchool in December. CCSD 89 notified families and staff about the incident that affected hundreds of school districts on January 9: https://conta.cc/4j8ExSa 

On Thursday, PowerSchool confirmed that emails from the following email addresses are legitimate: Ps-sis-incident@mail.csid.com, Ps-sis-incident@mail1.csid.com, Ps-sis-incident@mail2.csid.com  

The subject line of the email is “PowerSchool Cybersecurity Incident” and the body of the email begins “Dear PowerSchool User or Parent / Guardian of User:”, then gives information about signing up for credit monitoring.

The district does not have a role in the credit monitoring offer and families can determine whether they want to use it. Questions about the PowerSchool cybersecurity incident or email should be directed to PowerSchool. More information about PowerSchool’s response is available here: https://www.powerschool.com/security/sis-incident/

CCSD 89 takes the security of all student, family, and staff data as seriously as the safety of our physical buildings. The district has implemented multiple processes that are designed to continually protect our data and systems, including:

  • Limited access to student data systems. Only staff members with a legitimate need to use staff or student data have access.
  • Cybersecurity best practices. The district follows industry best practices including strong password policies. The technology team is constantly monitoring for new threats and ensuring the district is in compliance with security requirements.
  • Phishing tests. The district regularly conducts phishing tests to help staff identify suspicious emails that are trying to steal sensitive information, including passwords. 

The district also conducted an independent review of the PowerSchool breach and confirmed that no current student’s social security number was accessed. The district has not seen any further unauthorized access to PowerSchool student records.

Posted: February 27, 2026