Schools work to ID students affected by info breach

By Cayla Bamberger New York Daily News

A handful of city public schools were impacted by what appears to be the biggest-ever breach of American children’s personal information, education officials confirmed.

Last month, the education technology company PowerSchool announced that hackers had accessed its student information systems, including names, birthdays, addresses and Social Security numbers. So far, at least four local schools — with a combined enrollment of 3,000 students — have been identified as being ensnared in the cyberattack.

PowerSchool is not required by the local Department of Education, but some principals have purchased the software to keep track of their students. Because student information systems are decentralized, parents may still be in the dark as to whether their children’s information was breached, advocates warned.

A public schools spokeswoman said they have reached out to the “small number of schools” that PowerSchool revealed were among the institutions hacked nationwide.

“The safety and security of our students and staff, including their personal information and data, is of the utmost importance for New York City Public Schools,” Jenna Lyle, the spokeswoman, said in a statement.

“We are working diligently to obtain information from PowerSchool that would identify the specific students and data that was affected by this incident. Once we have that information, any student whose data is found to have been affected will receive direct notice from NYCPS detailing how they were impacted and instructions on how to enroll in identity-monitoring services, free of cost.”

The New York City schools confirmed to have been affected are Fordham High School for the Arts, Long Island City High School, Lower East Side Preparatory High School and Westchester Square Academy, according to an email from the New York State Education Department obtained by the Daily News.

Neither Lyle nor PowerSchool shared how many local schools they were aware of that were impacted by the breach. Advocates lamented that DOE and the tech company were not more forthcoming.

“It’s irresponsible for the DOE not to publicize this as widely as possible,” said Leonie Haimson, co-chairperson of the Parent Coalition for Student Privacy, an advocacy group. “People ought to be taking advantage of this offer [of identity-monitoring services] as quickly as possible. Because the longer they wait, the more likely this data will be misused.”