WHEATLAND – Stringent security measures protected PCSD No. 1 from a nationwide PowerSchool breach in December of last year.
Ryan Gonzales, technology director for Platte County School District No. 1 informed the school board, thanks to many additional security measures taken by his department, the district was not one of the districts impacted by a nationwide breach of the widely used PowerSchool system late last year.
PowerSchool allegedly became aware of a possible security incident on Dec. 28, which stated someone may have gained unauthorized access to its PowerSource service, a customer support portal which holds student and teacher data (including names and addresses). Investigations quickly confirmed the breach and it was also discovered social security numbers and medical data may have been exposed.

It appears the person or entity responsible, known as a “threat actor,” used a third party app to steal login credentials from someone at the company, which they then used to log in to the system and steal data.
However, thanks to Gonzales’ “trust no one” take on cybersecurity for the district, and extra preventative measures he and his team have taken, PCSD No. 1 had no information accessed by the threat actor.
Gonzales explained some of these extra measures in more detail. He said PCSD No. 1 uses advanced antivirus software and open source programs, some of which even allow the school to view their servers in real time and watch for security issues. The district also uses a state managed enterprise firewall, which Gonzales believes was what really protected the district from the PowerSchool breach. This firewall is able to block access from specific countries including Ukraine, which is where the IP address involved in the data breach was from.
Gonzales also told the board of trustees, the district does not allow remote access, except through VPN with multi factor authentication, a requirement for insurance. He also stated, whenever a third-party vendor is on site accessing systems, they are observed while they work.
Asked if two-factor authentication was going to become a requirement for school email access, Gonzales replied, “Unfortunately, I think it’s coming sooner rather than later, for everyone.”
Cyber security is a constantly evolving field that changes with each new threat assessed. Due largely to the diligence of Mr. Gonzales and his team in the district, this breach was unable to impact Wheatland and Glendo schools, and the personal information of staff and students remained secure.