Schools in Rose Hill, Buhler and Andover are among schools in Kansas that were affected by a cyberattack against an information program called PowerSchool.

PowerSchool is a student information system.  In December 2024, a PowerSchool employee’s credentials were compromised, allowing unauthorized access to data stored in their global Student Information System (SIS). This breach impacted districts nationwide and internationally, including many in Kansas. PowerSchool became aware of the breach on December 28, 2024, and immediately took action, including notifying law enforcement, securing the system, and engaging cybersecurity experts to investigate and respond.

Rose Hill school officials said in a notification to students and parents that the accessed data may include names, addresses and phone numbers, along with student health and grade information.   The breach did not gain access to passwords, Social Security numbers, financial information or photographs.

PowerSchool has assured that the incident is contained, and there is no evidence of malware or continued unauthorized activity.  The data obtained has been deleted without replication or dissemination. They are actively monitoring the dark web to ensure it is not shared or misused, and there is no expected operational disruption to their services.

PowerSchool told school officials that it will provide credit monitoring services for affected adults and identity protection services for affected minors.