Cyber Incident Victim: Orchard View School District

On or around March 14, 2019, Orchard View Schools in Michigan discovered unauthorized access to its PowerSchool student information system. Superintendent Jim Nielsen publicly disclosed the breach through the district’s Facebook page and official website, confirming the incident occurred the prior week. An investigation revealed that attackers had altered student grades and attendance records. The breach appeared confined to Orchard View High School, with no evidence of broader system compromise. While the district confirmed unauthorized data modifications, specific details regarding the number of altered records or affected students were not disclosed. The perpetrators were identified as students within the district, though their identities and precise methods of accessing PowerSchool remained unspecified.

Orchard View Schools notified parents of students directly impacted by the grade and attendance alterations but did not publicly confirm whether law enforcement agencies were involved. BleepingComputer contacted the district seeking clarification on whether the students modified only their own records or those of others, but Superintendent Nielsen declined to provide additional details beyond the initial statement. The district took immediate action to investigate and contain the breach upon detection, though specific technical containment measures were not described. Historical context indicates this incident followed similar student-led attacks, including a 2017 grade-changing hack in Tenafly, New Jersey, and a 2018 breach at Bloomfield Hills High School involving grade, attendance, and lunch balance modifications. The district’s public communications emphasized the localized scope of the incident while maintaining operational transparency about the nature of the unauthorized access.