A new report from the Office of the Saskatchewan Privacy Commissioner is shedding light on a 2024 cyberattack that compromised Prairie Spirit School Division data.
In late 2024, schools across the country experienced a cyberattack that targeted a longstanding program widely used among school staff.
PowerSchool is an online program that school divisions use to manage and organize student data such as grades and attendance records. It is also used to facilitate communications between educators, parents, and students.
According to the commissioner’s report, a threat actor gained access to PowerSchool’s systems and exfiltrated data, which included the personal information of Prairie Spirit teachers and students.
A threat actor is a person or group of people that takes part in malicious acts in the cyber realm, targeting computers, devices, systems, or networks.
Among the information hackers were able to obtain, Prairie Spirit noted Social Insurance Numbers, health service numbers, addresses, dates of birth, students’ names, and the names of parents, as well as the name of their doctor.
The Prairie Spirit School Division stated that 28,635 student records and 4,130 teacher records were impacted.
The report highlights several root causes that led to the privacy breach, such as a lack of multi-factor authentication, a failure to delete data pursuant to an agreement between Prairie Spirit and PowerSchool, and Prairie Spirit’s over-collection of personal information such as Social Insurance Numbers and health service numbers.
The report said Prairie Spirit had cancelled its subscription with PowerSchool in 2022 and, after several requests, again asked PowerSchool to purge the data in March 2024.
The division did not get firm confirmation that the data had been purged, the report said. Instead, Prairie Spirit was content with a May 2024 notification from PowerSchool that the database had been “disabled.”
Following the report, the commissioner made several recommendations to prevent a similar incident in the future. One is that Prairie Spirit ensure its written agreements with information management service providers meet the requirements of the Local Authority Freedom of Information and Protection of Privacy Act, including section 23.2 and section 8.2 of the Local Authority Freedom of Information and Protection of Privacy Regulations.
— with files from CKOM News