Rio Rancho Schools detail cybersecurity defenses after statewide PowerSchool breach
Summary
District IT director Scott Leppleman told the Rio Rancho Public Schools Board that education is currently the most-targeted sector for cyberattacks, that about 90% of incidents begin with phishing, and that layered defenses and zero-trust policies helped the district avoid the 2024 PowerSchool breach.
Scott Leppleman, Rio Rancho Public Schools’ executive director for information technology, told the school board on Jan. 26 that education has become the most-targeted industry for cyberattacks and that most incidents begin with phishing and social-engineering tactics. “About 90% of hacks or any sort of vulnerability breaches come through phishing attacks,” Leppleman said, and he described layered technical and operational steps the district has taken to reduce risk.
Leppleman outlined the district’s “layered defense” strategy — perimeter firewalls, endpoint behavioral security, air‑gapped backups and a disaster-recovery policy that stores three copies of backups in separate locations. He said the district uses simulated phishing and an AI-driven email filter to block suspicious messages and provide immediate training when staff click on simulated threats. “In 90 days, we've remediated or blocked 2,700 malicious emails,” he said, noting that about 1,300 of those were impersonation attempts targeting Rio Rancho staff.
The presentation cited the 2024 nationwide PowerSchool incident, which Leppleman said affected many districts. He said Rio Rancho detected attempted access but was not compromised because of deliberate policies, including an extensive zero-trust implementation and restrictions on cross-border support-tool logins. “Because of that, we weren't allowing those support tools to access our server until we needed support from PowerSchool,” he said.
Board members pressed Leppleman on student-account security and multifactor authentication. He described partial implementations at various grade levels — elementary-level passkeys implemented via QR codes, ClassLink-based PIN-like solutions and automated account-remediation tools — and acknowledged constraints such as device management and the cost of hardware tokens. He also discussed infrastructure resilience after repeated fiber cuts, saying the district spent $2,000,000 on additional construction to add redundancy and that staff used hot spots and other workarounds to keep schools open during outages.
The presentation concluded with Leppleman describing ongoing objectives: tighten email and account protections, continue third-party penetration testing and expand staff training. The board did not take formal action on the presentation; members thanked the IT team and moved on to the business agenda.
