2 HSD third-party providers report cybersecurity issues

By on Thursday, March 13th, 2025 in Columbia Basin News More Top Stories

HERMISTON – At the March 10 Hermiston School District board meeting, the district’s Director of Business Services Katie Saul mentioned in her report that two of the district’s third-party providers, PowerSchool and Caruth Compliance, had “cybersecurity instances” in December 2024. Information was accessed by a “bad actor” and information from those websites, namely information of school district employees and potentially students, was accessed from their databases.

PowerSchool formerly provided the district student information software. Caruth Compliance is a third-party administrator for the district who handles their 403(b)-retirement plan.

According to a notice on the Caruth Compliance website certain systems on their network were accessed without authorization between December 19 and December 26, 2024, and they provided notice on January 13. PowerSchool on their website said they first became aware of the incident on December 28, 2024.

Both companies are offering those potentially affected by this cybersecurity incident free credit monitoring.

Saul said employees and student families should have received information about this, and she wants them to know it is valid. “Read that information thoroughly, take the steps to access that free credit monitoring.”

Saul clarified that it was not the district itself who was the victim of this cybersecurity incident.