Rocky View Schools (RVS) experienced a data breach in December 2024 via PowerSchool, a cloud-based student information system. An unauthorized party accessed current and former student, parent, and staff contact information, including student ID numbers, encrypted passwords, dates of birth, addresses, and student support details. While no financial data (e.g., Social Insurance Numbers), photographs, or personal documents (birth certificates, driver’s licenses) were compromised, the breach exposed sensitive records. Investigations confirmed the data was exfiltrated but not disseminated or sold on the dark web, with PowerSchool asserting it was deleted. However, in May 2025, a threat actor attempted extortion using the breached data, though no further extraction occurred. RVS implemented multi-factor authentication, firewalls, access controls, and cybersecurity training, while offering two years of free identity and credit monitoring to affected individuals. The incident prompted an investigation by Alberta’s Office of the Information Privacy Commissioner, reinforcing ongoing security measures.
Rocky View County cybersecurity rating report: https://www.rankiteo.com/company/rocky-view-county
"id": "ROC3105831112725",
"linkid": "rocky-view-county",
"type": "Breach",
"date": "12/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': ['current/former students',
'parents',
'staff'],
'industry': 'education (K-12)',
'location': 'Alberta, Canada',
'name': 'Rocky View Schools (RVS)',
'type': 'educational institution (school division)'},
{'customers_affected': ['multiple school divisions in '
'North America'],
'industry': 'education technology (EdTech)',
'location': 'North America (headquartered in Folsom, '
'California, USA)',
'name': 'PowerSchool',
'type': 'software provider'}],
'attack_vector': 'compromised corporate support account',
'customer_advisories': ['identity/credit monitoring services offered to '
'affected students and staff'],
'data_breach': {'data_encryption': ['passwords were encrypted'],
'data_exfiltration': True,
'personally_identifiable_information': ['student ID numbers',
'dates of birth',
'addresses'],
'sensitivity_of_data': 'moderate (includes PII but no '
'financial/personal documents)',
'type_of_data_compromised': ['contact information',
'student records',
'staff records']},
'date_detected': '2024-12-28',
'description': 'On December 28, 2024, PowerSchool, a cloud-based student '
'information system, informed Rocky View Schools (RVS) of a '
'data breach by an unauthorized party that impacted several '
'school divisions in North America. The breach involved access '
'to current and former student, parent, and staff contact '
'information, including student ID numbers, encrypted '
'passwords, dates of birth, addresses, and student support '
'information. No financial data (e.g., Social Insurance '
'Numbers) or personal documents (e.g., birth certificates, '
'driver’s licenses) were accessed. PowerSchool and RVS '
'confirmed that the exfiltrated data was deleted without '
'further dissemination, and no evidence of the data being sold '
'or shared on the dark web was found. In May 2025, a threat '
'actor attempted to extort PowerSchool customers using data '
'from the December 2024 breach, but no additional data was '
'extracted. RVS implemented measures like multi-factor '
'authentication, firewalls, and security audits, and offered '
'affected individuals two years of complimentary identity and '
'credit monitoring services.',
'impact': {'brand_reputation_impact': 'potential reputational risk (mitigated '
'by proactive communication and '
'monitoring services)',
'data_compromised': ['student ID numbers',
'encrypted passwords',
'dates of birth',
'addresses',
'student support information'],
'downtime': 'none (system remained fully functional)',
'identity_theft_risk': 'low (no evidence of data misuse; '
'monitoring services provided)',
'operational_impact': 'none reported',
'payment_information_risk': 'none (no financial data accessed)',
'systems_affected': ['PowerSchool Student Information System']},
'initial_access_broker': {'entry_point': 'compromised corporate support '
'account',
'high_value_targets': ['student and staff records']},
'investigation_status': 'completed (PowerSchool and RVS investigations; '
'regulatory report received)',
'lessons_learned': ['Importance of securing corporate support accounts to '
'prevent unauthorized access.',
'Proactive monitoring (e.g., dark web) can help confirm '
'data deletion and prevent misuse.',
'Offering identity protection services can mitigate '
'reputational and operational risks.'],
'motivation': ['data exfiltration', 'extortion (attempted in May 2025)'],
'post_incident_analysis': {'corrective_actions': ['Strengthened '
'authentication for support '
'accounts.',
'Enhanced dark web '
'monitoring.',
'Extended identity '
'protection services.',
'Ongoing security audits '
'and updates.'],
'root_causes': ['compromised corporate support '
'account leading to unauthorized '
'data access']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Enhance authentication mechanisms for high-privilege '
'accounts (e.g., corporate support).',
'Expand cybersecurity awareness training for students and '
'staff to recognize phishing/extortion attempts.',
'Implement continuous third-party security audits for '
'cloud-based systems like PowerSchool.',
'Extend identity monitoring services preemptively in '
'cases of potential extortion threats.'],
'references': [{'source': 'Rocky View Schools (RVS) Statement'},
{'source': 'PowerSchool Breach Notification'},
{'source': 'Office of the Information Privacy Commissioner of '
'Alberta Investigation Report'}],
'regulatory_compliance': {'regulatory_notifications': ['Office of the '
'Information Privacy '
'Commissioner of '
'Alberta '
'(investigation report '
'received)']},
'response': {'communication_strategy': ['public statements by RVS',
'advisories on RVS/PowerSchool '
'websites',
'direct notification to affected '
'individuals'],
'containment_measures': ['data deletion confirmed by PowerSchool',
'no further replication/dissemination'],
'enhanced_monitoring': ['dark web monitoring for exfiltrated '
'data',
'ongoing cybersecurity risk monitoring'],
'incident_response_plan_activated': True,
'recovery_measures': ['system remained functional',
'identity/credit monitoring services '
'(Experian, TransUnion) extended to July '
'31, 2025'],
'remediation_measures': ['multi-factor authentication',
'network firewalls',
'access control policies',
'antivirus updates',
'regular security audits'],
'third_party_assistance': ["PowerSchool's third-party "
'investigation team']},
'stakeholder_advisories': ['RVS website updates',
'PowerSchool customer notifications'],
'title': 'PowerSchool Data Breach Affecting Rocky View Schools (RVS)',
'type': ['data breach', 'unauthorized access']}