Student names, addresses exposed in cyber attack on Mississauga, Brampton schools

Names, addresses, birth dates and other critical data such as who is allowed to pick up a student from school, is information that was possibly collected during a recent cyber incident that targeted the Peel District School Board.

The data breach took place in late December and involved software used by PowerSchool, a third-party application that has been adopted by school boards across the country. It has affected schools in Mississauga, Brampton and Caledon and also other school districts in Ontario.

A bulletin sent to families within the Peel public school system confirmed that limited student information was compromised as part of the incident.

Information for students going as far back as 1965 may have been accessed.

The board said the types of student information that may have been affected include:

• Names (first, middle, last)
• Home address and phone numbers
• Date of birth
• Gender
• Peel student number
• Grade level
• Ontario Education Number (OEN)
• School, start/end dates
• Medical alert (e.g., allergies, injuries)
• Family alert (e.g.,  who can pick up the student, additional emergency contacts

Also, teachers and other school board staff may have been affected including names, email addresses, employee number, and where they work.

The cyber incident took place sometime between Dec. 22 and Dec. 28, 2024.

The Dufferin-Peel Catholic District School Board, Toronto District School Board, and Durham District School Board have also confirmed a similar data breach. The information that was accessed appears to differ at each board. Dufferin-Peel has not indicated specifically the information that was compromised.

Meanwhile, the Peel public board said its investigation into the incident continues and explained how it reacted when the breach was discovered.

The board said that PowerSchool has since reported that it received confirmation that the data acquired by the unauthorized user was deleted and that the data was not posted online.

“Our cybersecurity team promptly activated our response plan, taking immediate steps to ensure that our critical systems remained operational,” the board bulletin reads. “Since then, our cybersecurity team has worked with PowerSchool to address this incident and we can now confirm that our system is secure, with no ongoing unauthorized access to any data stored in PowerSchool’s SIS (student information system.”