Data Breach Defined
A breach refers to the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of covered information maintained by an operator or school.
Parents will be notified of breaches of covered information within 30 calendar days of receipt of notice that a breach has occurred. Notification may be delayed if this would interfere with a criminal investigation. Notification will include, but is not limited to:
- The date of the breach
- The description of the covered information that was compromised
- Information that the parent may use to contact the operator and the school about the breach
- Toll-free numbers and other information for consumer reporting agencies
- Toll-free numbers and other information for the Federal Trade Commission (FTC)
- A statement that the parent may obtain information from the FTC and consumer reporting agencies about fraud alerts and security freezes.
Breach Notifications
Data breaches that meet the threshold set by the Student Online Personal Protection Act will be posted below as soon as the district is notified.
- January 7, 2025: PowerSchool, the vendor providing IMSA’s Student Information System, notified IMSA and their other customers of a nationwide data breach attributed to a December 22, 2024 action from an unauthorized individual gaining administrative access to PowerSchool data through a vulnerability in PowerSchool’s support portal. Here is an article about the incident from the Register.
- July 12, 2023: wiris MathType. IMSA received notification from a software provider (wiris MathType) of a breach of their system. The breach only impacted users who contacted the vendor between July 7 and 9, 2023. The vendor provided a breach notification via email, to IMSA, about the incident.
IMSA encourages anyone concerned about suspected or proven data breaches to read and report it using the Federal Trade Commission (FTC)’s directions about how to report fraud.