Skip to main content
Ministry of Education New Zealand

Welcome to the February edition of the Digital Download - your ICT specific information from the Ministry of Education.

SMS vendor breached, millions of students’ sensitive data leaked#

PowerSchool, a major SMS provider in North America, was breached in late December. It appears an overseas attacker gained access to a maintenance account and took student and teacher details. Reportedly over 62 million students and 9.5 million teachers’ information were taken for ransom.

Information included medical information, custodial and legal information, as well as some social security numbers. This attack affected schools with both on-premises and cloud versions of the tool. The Ministry does not think any NZ schools are affected.

PowerSchool Cyber Security Incident

While you can’t guarantee against a cyber attack, below are three tips to reduce the likelihood or impact of an incident:

  1. Check your incident response plan is up to date, so your school knows what to do if you experience an incident.
  2. Turn on two-factor authentication wherever it’s available.
  3. Review Safer Technologies for Schools (ST4S) reports for the software you’re using in your school.

Learn about ST4S

Scholastic breach contained 8 million records#

In January, media reported Scholastic had been breached with 8 million records including US-based educators and parents. The data includes names, phone numbers, emails, and home addresses.

While Scholastic is widely used in New Zealand schools and early childhood centres, Scholastic NZ advised the Ministry that no New Zealand accounts have been breached. The attacker reportedly gained access from password stealing malware on a staff member’s computer.

While New Zealand accounts aren’t affected, it’s a timely reminder to review your security. We recommend you:

  1. check your anti-virus is up to date on all computers you support
  2. turn on two-factor authentication for all staff.

Using two-factor authentication at school

Phishing campaign using Microsoft Forms#

A phishing campaign is targeting NZ schools and EdTech organisations. The email comes from a valid email address containing school links and logos and with a link to Microsoft Forms or Mailchimp pages. It then asks you to log in to view an invoice, which is how the attacker is stealing login details. While phishing emails are a common occurrence, this one has been particularly successful.

Phishing email scam circulating in some schools – Network for Learning

To help protect your school against phishing campaigns, join N4L's email protection:

N4L's Email Protection – Network for Learning

Safer Internet Day#

The international Safer Internet Day was on 11 February, which can be a tricky time of year for NZ schools to participate. Luckily Netsafe has free resources on online safety and critical thinking in the digital world which is available for schools all year around.

Resources for all year levels are available on the Education Kete or on Netsafe’s Safer Internet Day page.

Safer Internet Day 2025 – Netsafe

Mōhiohio anō

More information

If you know someone else who would be interested in this newsletter, share this page with them or send them our subscribe link:

Subscribe now

In this issue