The Baker School District on Jan. 15, 2025, notified parents about a data breach involving students’ names, birthdates and other information. The breach was through PowerSchool software the district uses and involved hundreds of school districts nationwide.

BAKER CITY — The Baker School District is one of hundreds nationwide and in other countries affected by a computer breach that accessed students’ names, birthdates and other information.

The district sent information about the breach to parents Wednesday, Jan. 15, through the ParentSquare system.

Lindsey McDowell, the district’s public information and communications coordinator, wrote in an email to the Baker City Herald that the software company, PowerSchool, notified the district about the breach on Jan. 7, but the initial report said the Baker School District wasn’t affected.

McDowell said the district learned later the initial report was wrong and Baker was among the districts affected.

The district then sent out the notification through ParentSquare.

The district has used PowerSchool software to maintain student records, including grades, since at least 2016.

McDowell said district officials are working with PowerSchool to figure out the types of records that could have been accessed illegally.

“No passwords or financial information was impacted by this incident,” according to the notice the district sent through ParentSquare.

The types of records that might have been downloaded include names, student ID numbers, parent/guardian contact information, birthdates, dates of enrollment and reasons for a student leaving school, limited medical alert information such as allergies, and whether a student has an individual education plan to address the student’s particular needs.

“Although PowerSchool has assured us that the risk of data dissemination or misuse is low, we remain vigilant and are leveraging all available resources to thoroughly assess the situation,” the district wrote in the notification through ParentSquare.

“We recognize that incidents like this can cause significant concern, as protecting the privacy and security of personal information is a top priority. Please know that we are working with PowerSchool to better understand the scope of the cybersecurity incident and to ensure that appropriate measures are taken to safeguard the information. We will keep you informed of developments as they become available from PowerSchool.”

According to the district, PowerSchool discovered the breach on Dec. 28.

McDowell said she doesn’t know why the company didn’t notify the district until Jan. 7.

According to the district, someone used the account of a PowerSchool employee to access the data, which allowed “rapid access to and the downloading of millions of records from schools throughout the country” between Dec. 19 and Dec. 24.

PowerSchool has hired a cybersecurity firm to investigate the breach, according to the district.

“PowerSchool has implemented additional information security best practices requiring updated credentials for all employees, and restricting access to their support system tools,” the district wrote in its notification.

“PowerSchool will also provide credit or identity monitoring services to those impacted depending on the nature of the personal information accessed.”

According to PowerSchool, its software is used in districts with a combined enrollment of 50 million students.