Scott County Schools informed the board Jan. 16 that the district was among systems nationwide affected by a data breach at PowerSchool, the student information system used by many U.S. school districts.

Director of Schools Mr. Hall and district staff said the breach was reported by PowerSchool and that the vendor paid a ransom to recover data. District IT staff told the board they had contacted the state and posted a notice on the district website; a parent notification letter was being prepared for distribution once details were finalized.

Why it matters: The district said the breach may include Social Security numbers and other personally identifiable information for students and staff. Officials described ongoing uncertainty from the vendor about what was taken and whether copies were deleted after the ransom, and the district said it was following state notification requirements.

What the district has done: District staff said they have 1) posted a public notice on the website, 2) prepared and will send letters to parents and employees, 3) reported the incident as required to state authorities, and 4) removed as much data from PowerSchool as the district can and switched some student identifiers to PIN numbers where feasible. The district also said it cannot remove certain teacher data required for state reporting.

District remarks: "We are included in it," a staff speaker said. "We still haven't received a whole lot as far as what next steps are from PowerSchool." Hall said the district had reached out to the Tennessee School Boards Association and the state and that staff member Mr. Bond had led notification work.

Open questions: Officials said they have not yet received definitive answers from PowerSchool about exactly what was taken or whether data copies have been deleted. The district said it will continue to coordinate with the state and the vendor and will provide updates to parents and staff.

Context and forward look: Board members asked whether any specific actions were required of trustees; staff replied that reporting was being handled by district administrators and the state, and that more detailed guidance (for example, on credit monitoring) had not yet been provided by the vendor.