The student information system used by every public school in the state fell victim to a data breach that may have put Alabama students’ medical and grade information at risk, according to the state Department of Education.

Dr. Michael Sibley, communications director for the Education Department, said the agency’s student information system vendor, PowerSchool, notified the department Tuesday afternoon that it “identified a cybersecurity incident where unauthorized access occurred via its community support portal, PowerSource.”

The breach “was traced to a compromised credential granting access to certain customer data in the PowerSchool-managed student information system,” Sibley said.

“This data breach was a direct attack on PowerSchool internationally,” he continued, “and was not a cyberattack directed at the ALSDE or any Alabama school system.”

Sensitive personal information like Social Security numbers for Alabama students and teachers could not have been accessed in the attack because the department does not collect that information, Sibley said.

However, “some medical and grade information for students may have been impacted,” he said.

California-based PowerSchool is used by every public school in the state as a virtual notification and grade system.

The company claimed the data involved in the breach was deleted and not shared or made public, “with reasonable assurances from the threat actor confirming its deletion,” according to Sibley.

In an email to parents, PowerSchool said it “became aware of a potential cybersecurity incident” on Dec. 28.

While the company is offering credit monitoring and identity protection services to those whose sensitive data was compromised, its unclear whether those offers will be extended to Alabama customers because sensitive personal data is not collected or stored in the system.