Citizen Portal
Sign In

Get AI Briefings, Transcripts & Alerts on Local & National Government Meetings — Forever.

Claim Your Spot

PowerSchool breach raised during meeting; vendor says MFA, VPN and other controls now in place

Allentown School District Board of Directors · April 24, 2026

Loading...

AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

A board member asked about a December 2024 PowerSchool cybersecurity incident and ransom; a PowerSchool senior account director described the CrowdStrike investigation and told the board the company has implemented multifactor authentication, VPN restrictions for support portals and identity‑theft protections for affected customers.

During the evening’s committee meetings a board member raised cybersecurity concerns about the district’s planned PowerSchool purchases and noted a December 2024 incident that affected PowerSchool customer data.

Joel Hill, PowerSchool’s senior account director for Pennsylvania (speaking remotely), told the board the company discovered unauthorized access to a PowerSchool customer support portal (PowerSource) on Dec. 28, 2024. Hill said PowerSchool engaged third‑party responders, notified clients within days, and provided a CrowdStrike report to affected customers.

"Our investigation determined that an unauthorized party gained access to certain PowerSchool student information system customer data using a compromised set of credentials," Hill said. He described steps PowerSchool has taken since the incident: requiring multi‑factor authentication for all applications, restricting access to the PowerSource support portal through a company VPN, requiring customers to open a secure bridge for any vendor‑to‑customer connections, and providing two years of identity‑theft protection for impacted customers.

District procurement staff told the committee the PowerSchool products under consideration — a data lake, analytics and operational enhancements — are intended to centralize legacy data, automate compliance for open‑records requests and improve operational efficiency. The IT presenter said migrating email archiving into the Microsoft cloud (Cloudficient EV Complete) would also reduce annual archiving costs and simplify public‑records search.

Why it matters: the district is moving to centralized data tools that, if implemented, will hold or index large volumes of student and staff records. The board’s question prompted an on‑the‑record vendor explanation of the 2024 incident and the compensating controls PowerSchool says it has implemented.

What’s next: the committee moved the PowerSchool data lake and associated operational enhancements forward to the full board. Procurement and IT will present contract terms and security requirements for board review as the district finalizes any award.