Residents ask about Schoology/PowerSchool data-security fixes after earlier breach; district says state and BOCES engaged

Residents at the Massapequa Union Free School District meeting raised concerns about student-data security following a data breach tied to the district’s vendor relationship earlier in the year. A commenter asked whether the district’s third-party vendor (Schoology/PowerSchool) now provides multifactor authentication for parent and student accounts.

District officials said PowerSchool (the district’s student-information system) reported that it had made multiple security enhancements but that the vendor did not provide detailed technical descriptions of those changes in the materials shared with the district. The district said it uses multifactor authentication and password policies for on-premises servers and local systems, and it expects comparable safeguards from third-party vendors.

The district said it has engaged regional BOCES and New York State agencies to assess vendor requirements and to strengthen compliance with New York State Education Law provisions intended to protect student data. Board staff said the state does not currently require multifactor authentication specifically but does require several safeguards; the district is pursuing stronger protections and working with state and BOCES partners to encourage enhanced vendor security practices.

The meeting record shows district leaders promised follow-up to parents who had outstanding access issues and indicated presentations and updates on the matter had been provided in previous public sessions. No new contractual actions were recorded at the meeting related to PowerSchool, and officials did not provide a detailed technical list of the vendor’s security changes during open session.