Dear Big Horn County 3 Parents and Guardians:

We are writing to make you aware of a recent cybersecurity incident involving PowerSchool, a software vendor which provides our Student Information System (SIS). 

On Tuesday, January 7, 2025, PowerSchool informed Big Horn County 3 leadership team that they experienced a cybersecurity incident involving unauthorized access to certain PowerSchool SIS customer data. Unfortunately, they have confirmed that the information belongs to some of Big Horn County School District #3's families and educators.

PowerSchool informed us that the taken data primarily includes parent and student contact information with data elements such as name and address information. Across their customer base, they have determined that for a portion of individuals, some personally identifiable information (PII), such as social security numbers (SSN) and medical information, was impacted. They are working with urgency to complete their investigation and determine whether PII belonging to our students was included. We will be staying vigilant and reviewing any related accounts for unusual activity as a precaution. We are working closely with the State of Wyoming Cyber Assistant Response Effort (CARE) as well as the Wyoming Department of Education (WDE) through this breach.

Protecting our students is something we take seriously. With PowerSchool's help, more information and resources (including credit monitoring or identity protection services, if applicable) will be provided to you as it becomes available.

Please keep in mind that this breach is a third party vendor breach. It is NOT related to Big Horn County 3's network security. While we have several systems in place to protect student data, this breach was out of our control.

If you have additional questions, please email us at: bgh3cyber@bgh3.k12.wy.us

Please read the following FAQs from PowerSchool regarding this incident. 

PS Cybersecurity Incident Public Statement 

Thank you for your patience and understanding.

Sincerely,

Superintendent Mark Fritz

It shall be the responsibility of all District employees to supervise and monitor usage of the online computer network and access to the Internet in accordance with this policy and the Children’s Internet Protection Act. Procedures for the disabling, filtering or otherwise modification of any technology protection measures shall be the responsibility of the Technology Director or designated representatives. To request modification:

1. Follow the district’s chain of communication process to alert building administration via a written request or email of desired changes and associated rationale for the proposed changes to the District’s filtering software. Requests may be made anonymously.

2. Building administrators may approve the request or deny the request via written response or email citing:

• Student Internet Safety Concerns CIPA

  • Student Data Privacy Concerns

  • Lack of instructional value or need

  • Potential for misuse

  • Infrastructure Requirements (ex. bandwidth, hardware, etc.)

  • Financial Implications

  • Logistical or management concerns

3. Requests for access shall be granted or denied within three (3) school days in most cases.

4. An appeal of the decision to grant or deny access to a web site may be made in writing
   to the Board of Education. Persons who wish to remain anonymous may mail an anonymous request for review to the Board of Education at the School District’s Central Office, stating the web site that they would like to access and providing any additional detail the person wishes to disclose.

5. In case of an appeal, the Board of Education will review the contested material and make a determination.

6. Material subject to the complaint will not be unblocked pending this review process.In the event that a District student or employee feels that a web site or web content that is available to District students through District Internet access is obscene, child pornography, or “harmful to minors” as defined by CIPA or material which is otherwise inappropriate for District students, the process described above should be followed, except any decision to filter or block web content will be made within thirty (30) days.

Penalty
Violations of acceptable use may result in a loss of access as well as legal and/or disciplinary action including recommendations for suspension and/or expulsion. 

• Employee Use of Social Media Sites

• School District Website publishing

• User Agreement and Parental Permission Form

• Computer Assisted Instruction Policy