The District recently received notification from the New York State Education Department’s Chief Privacy Officer (“CPO”), Louise DeCandia, advising that the threat actors responsible for the December 2024 PowerSchool breach—i.e., Shiny Hunters—have contacted multiple educational agencies directly, both in the United States and Canada, in an attempt to extort them using the previously stolen data. While there have been no reports of any school districts in New York having received similar messages, according to the CPO, in New York, 77 school districts, 54 charter schools, 2 BOCES, and 5 nonpublic schools approved to provide special education services were affected by the PowerSchool breach, including the District.
We will continue to work with NYSED and appropriate law enforcement authorities as needed to address any developments. If you are contacted by anyone purporting to be the threat actors or otherwise claiming to have the PowerSchool data, please immediately call the New York State Division of Homeland Security and Emergency Services cyber incident line at 844-OCT-CIRT (844-628-2478) and clearly state that you are calling about a PowerSchool issue. This will ensure that the call goes straight to law enforcement.