NNDSB Data Breach: Here is what you need to know
For some students who have been enrolled since Sept. 8, 2015, the information affected includes: medical alert information; guardian email address; student emergency contacts’ names and phone numbers; date of graduation
With respect to medical alert information, if you provided information to your child’s school about your child’s allergies, medical conditions or injuries when completing the start of school year forms, this information was included in the data that may have been accessed or acquired.
Further to the information shared on Jan. 9, The Near North District School Board (NNDSB) are writing to provide another update on the cyber incident involving PowerSchool’s Student Information System – the application used NNDSB and many school boards across North America to store certain student and staff information.
This incident has affected current and former students and staff. Please note that we will also be posting this notice on our website to notify NNDSB’s former students who may be affected. What Happened On Tuesday, Jan. 7, 2025, PowerSchool informed NNDSB and other school boards throughout the province that it had experienced a cyber incident.
Since then, the NNDSB have been working with PowerSchool and internal and external experts to determine the precise information that was affected. What Information Was Affected We have concluded our analysis and can confirm that limited student information was compromised as part of this incident.
For all students who have been enrolled in NNDSB since Sept. 8, 2015, the information affected includes: student first name; student last name; student Ontario Education Number; enrolment start and end dates; last grade attended at NNDSB; student gender; student date of birth; student address. For most students who have been enrolled since Sept. 8, 2015, the information affected includes: student home phone number; doctor’s phone number.
For some students who have been enrolled since Sept. 8, 2015, the information affected includes: medical alert information; guardian email address; student emergency contacts’ names and phone numbers; date of graduation. 1 For a very small number of students enrolled from Sept. 8, 2015, the following information was also affected: mother’s name; father’s name; summer school information (what school the student came from and will be attending).
With respect to medical alert information, if you provided information to your child’s school about your child’s allergies, medical conditions or injuries when completing the start of school year forms, this information was included in the data that may have been accessed or acquired.
This incident did not result in the compromise of any of the following information: financial information; health assessment information; student academic grades (marks); students’ individual education plans; accommodations. We have also prepared an FAQ page regarding this incident, and the NNDSB encourages you to visit the FAQ page here. You can also find an FAQ from PowerSchool. NNDSB has reported this incident to the Office of the Information and Privacy Commissioner of Ontario (IPC), and the IPC has opened an investigation file.
What data was compromised?
The NNDSB has worked with PowerSchool to determine that the following Board information was affected:
Student information:
For all students who have been enrolled in NNDSB since Sept. 8, 2015, the information affected includes: student first name; student last name; student Ontario Education Number; enrolment start and end dates; last grade attended at NNDSB; student gender; student date of birth; student address.
For most students who have been enrolled since Sept. 8, 2015, the information affected includes: student home phone number; doctor’s phone number.
For some students who have been enrolled since Sept. 8, 2015, the information affected includes: medical alert information; guardian email address; student emergency contacts’ names and phone numbers; date of graduation.
For a very small number of students enrolled from Sept. 8, 2015, the following information was also affected: mother’s name; father’s name; summer school information (what school the student came from and will be attending).
With respect to medical alert information, if you provided information to your child’s school about your child’s allergies, medical conditions or injuries when completing the start of school year forms, this information was included in the data that may have been accessed or acquired.
Please note that medical information provided to members of NNDSB’s special education and/or mental health teams (e.g. psychologists, occupational therapists, physiotherapists, audiologists, speech-language pathologists, and social workers) was not impacted by this incident.
This incident did not result in the compromise of any of the following information: financial information; health assessment information; student academic grades (marks); students’ individual education plans; accommodations.
Staff information:
Any current or former employees of NNDSB who were employed at any time since Sept. 1, 2021, may have been affected. The information affected includes: employee identification number; first name; last name.
For a very small number of current or former employees of NNDSB who were employed at any time since Sept. 1, 2021, the information affected includes: middle name; home phone number; home address; city; preferred name.
Please note that sensitive staff information, like personal phone numbers, and financial information, was not compromised.
While you are entitled to file a complaint, the IPC has advised that it is not necessary as they are already investigating the matter. You can visit the IPC’s website here.
If you wish to have more information about this incident, the NNDSB invites you to contact us at PowerSchoolbreach@nearnorthschools.ca. You will receive an autoreply with a link to a form to be filled out so that staff can begin processing requests for information.
Please understand that those who contact NNDSB regarding this incident will need to verify their identity before we can release information about the specific impact of their information.
The NNDSB appreciates your patience and understanding at this time and sincerely regret any concern this has caused you.