RVS Confirms Systems Safe After PowerSchool Breach

Rocky View Schools (RVS) says its systems remain secure following a PowerSchool data breach that occurred late last year, confirming that no financial information or government identification documents were accessed and that the data appears to have been deleted by the threat actor.
On December 28, 2024, the cloud-based student information platform PowerSchool notified RVS of a security incident affecting several school jurisdictions across North America. PowerSchool later confirmed that the breach stemmed from a compromised corporate support account, allowing an unauthorized party to access contact information from student, parent, and staff records.
RVS’s technology team conducted its own internal review, determining that the exposed data included student ID numbers, encrypted passwords, birthdates, mailing addresses, and student support information. The jurisdiction emphasized that the breach did not involve Social Insurance Numbers, banking details, or any uploaded personal documents such as birth certificates or driver’s licences, which are not stored in PowerSchool systems.
“RVS takes the security and privacy of personal information very seriously. We take a multi-faceted approach to protecting the data in our care,” the division said in a written statement.
Third-party cybersecurity specialists hired by PowerSchool reported that although some data was exfiltrated, dark-web monitoring has not revealed any evidence that the stolen files were offered for sale or download. According to the investigation, the threat actor responsible for the breach has since deleted the copied data without replicating or distributing it further.
“PowerSchool believes the data copied through the breach has been deleted without any further replication or dissemination. The system remains fully functional and is safe to use,” RVS added.
The school division said it conducts regular system updates, employs multi-factor authentication, uses network firewalls and antivirus protection, and maintains strict internal access controls. Routine security audits are also carried out to detect vulnerabilities and ensure compliance with provincial privacy regulations.
To strengthen awareness across the division, RVS continues to conduct Cyber Security Awareness Sessions for students and staff. These sessions cover identifying phishing attempts, practicing secure online behaviour, and reducing exposure to malware.
RVS offered two years of complimentary identity and credit-monitoring services through Experian and TransUnion for students and staff whose records were affected. Following additional updates from PowerSchool, the deadline to register for these services was extended to July 31.
The Office of the Information and Privacy Commissioner of Alberta (OIPC) issued its investigation report to RVS earlier this year. The report confirmed the nature of the breach and supported the division’s continued monitoring and mitigation efforts.
PowerSchool recently notified its partner school divisions that on May 7 a threat actor attempted to contact Student Information System customers using data from the December breach in an effort to extort them. Investigators found no evidence that new data had been accessed or extracted during that attempt, and RVS confirmed that its systems remain stable and secure.
“We continue to monitor potential risks to cyber security and implement measures to protect the data of our students, families, and staff,” RVS said.
More information is available on the RVS and PowerSchool websites.