PowerSchool Pays Ransom to Hacker: Schools Now Face Ongoing Extortion Threat
In a troubling development following a significant data breach, PowerSchool, a leading education software provider, is facing new extortion threats after a hacker allegedly retained stolen student data. This alarming situation highlights the ongoing risks associated with cybersecurity breaches in the education sector.
Background of the PowerSchool Data Breach
In December 2024, PowerSchool fell victim to a cyberattack initiated through a compromised credential. This breach provided hackers with extensive access to sensitive information, including:
- Personally identifiable information (PII) of students and teachers
- Social Security numbers
- Health data
PowerSchool serves over 60 million students across North America, making the implications of this breach particularly concerning. Following the attack, the company disclosed that it paid a ransom to ensure the deletion of the stolen data but has not revealed the amount paid.
New Extortion Threats to School Districts
Recently, the Toronto District School Board, which serves approximately 240,000 students annually, reported receiving a ransom demand referencing data from the December breach. The situation has escalated as additional school districts in North Carolina and elsewhere have also reported similar extortion attempts.
PowerSchool’s Response to the Extortion Attempts
In a statement to clients, PowerSchool acknowledged the new threats, clarifying that they believe the current extortion attempts involve data that was previously compromised. Beth Keebler, a spokesperson for PowerSchool, emphasized that the data samples used in the extortion match those stolen in December.
The Risks of Paying Ransoms
Experts in cybersecurity and law enforcement agencies often advise against paying ransoms, as there is no assurance that hackers will fulfill their promises to delete stolen data. Historical evidence shows that many cybercriminals retain copies of the data, leading to further extortion attempts against victims.
Impact on Affected School Districts
While PowerSchool has not disclosed the total number of individuals affected by the breach, several school districts have indicated that all of their historical data, including student and teacher records, was compromised. In the case of Toronto’s school district, the stolen records date back to at least 2009, potentially impacting millions.
For more insights into cybersecurity in the education sector, visit Education Week’s analysis of cybersecurity in schools.
This ongoing saga serves as a stark reminder of the critical importance of robust cybersecurity measures in safeguarding sensitive data within educational institutions.
