GNWT is urging thousands of residents in the region affected by a recent data breach to register for protection services by a deadline of May 30.
The cybersecurity incident was first reported back in January and has affected about three quarters of the population of N.W.T .
Personal data stored by a software company called Powerschool included information such as names, email addresses and even health-related information for students, parents/guardians and teachers.
Thierry Lavoie, who is the senior communications advisor at GNWT’s Department of Education, Culture and Employment told True North FM that thousands of people in the region were impacted.
“The GNWT confirmed that the number of impacted individuals for the NWT is approximately 35,082 (32,734 students and 2,348 educators or staff),” said Lavoie.
NWT’s schools store their data in the student information system called Powerschool.
“PowerSchool is the Student Information System used in the NWT’s Junior Kindergarten to Grade 12 schools. Jurisdictions, including the NWT, use reputable companies for this information management and conduct privacy impact assessments,” explained Lavoie.
The data was breached when “unauthorized access” occurred within the online system that stored the data, known as “the cloud.”
“There was an unauthorized access to PowerSchool’s cloud environment led to the theft of records from several education bodies. The breach was not within the GNWT’s network,” said Lavoie
Lavoie noted that the breach involved current and past student and staff information stored within the PowerSchool system, includingstudent names, student mailing addresses, student dates of birth, student home phone numbers, medical conditions (i.e., asthma, allergies), parent/guardian names, teacher names, teacher home phone numbers and teacher email addresses.
On January 15 GNWT confirmed that “unauthorized access” to PowerSchool’s cloud environment had led to the “theft of records” from the Beaufort Delta Division Education Council, Dehcho Divisional Education Council, South Slave Divisional Education Council, Yellowknife Catholic Schools, and Yellowknife Education District No. 1. GNWT also reported that the breach was not within their network.
“PowerSchool’s investigation determined that an unauthorized party gained access to customer data using a compromised credential. As soon as PowerSchool learned of the incident, they immediately engaged their cybersecurity response protocols. PowerSchool has implemented enhanced security measures and confirmed that the breach has been contained,” said GNWT in their announcement back in January.
Lavoie explained that since that time GNWT has received more updates including just recently this month.
“In May 2025 PowerSchool notified customers that a cybercriminal had contacted some PowerSchool Student Information System customers, such as school districts, as part of the ransomware attack. The GNWT is not aware of any Northwest Territories clients being contacted,” said Lavoie who offered this advice to anyone who was affected:
What to do:
- If you have been affected by the breach and you are asked for ransom do not engage or respond to these requests from the cybercriminal.
- If you receive this type of email, you are encouraged to send it to the Government of Canada Cyber Centre https://www.cyber.gc.ca/en/guidance/ransomware. Do this by attaching the cybercriminal’s email as an attachment instead of just forwarding it. You can also notify your Education Body if you receive this type of email.
- If you have not already done so, register for credit and identity protection services offered by PowerSchool.
The deadline to register is May 30, 2025.
Lavoie added that GNWT “strongly discourages paying ransom.” This policy aligns with the federal government’s public safety recommendations as outlined on their Parliamentary Committee notes on Ransomware.
https://www.publicsafety.gc.ca/cnt/trnsprnc/brfng-mtrls/prlmntry-bndrs/20250226-1/14-en.aspx
The GNWT assured that they will continue to share PowerSchool’s updates and offer guidance on cybersecurity best practices. They said updates will be accessible on their services page dedicated to the PowerSchool cybersecurity incident.
True North FM reached out to Powerschool to ask what issues were identified and how have they been addressed to prevent future data breaches. Melissa Wenzel, a rep with PowerSchool, responded that the organization is asking those affected to review the information on the company website.
“For the latest information on the cybersecurity incident and all PowerSchool is doing to support those affected, please visit: http://www.powerschool.com/security/sis-incident/. You can also find our latest blog post outlining key learnings and the steps we’re taking to further strengthen our security and protect our customers here: https://www.powerschool.com/blog/cybersecurity-commitment/”
