TDSB Reports Renewed Cyber Threat After PowerSchool Data Breach
The Toronto District School Board (TDSB) has alerted parents and staff about a renewed cyber extortion attempt tied to the PowerSchool data breach, weeks after the education tech firm believed it had resolved the issue by paying a ransom.
Despite PowerSchool’s earlier payment to the attacker, a new ransom demand has emerged, this time targeting school districts directly. TDSB confirmed that it received one of these demands, with the threat actor claiming to still possess data stolen in the original December 2024 incident.
Details of the Original PowerSchool Breach
Between December 22 and 28, 2024, PowerSchool, which serves over 6,500 educational institutions across North America, suffered a ransomware attack. The breach impacted many clients, including Ontario’s largest school board, TDSB.
PowerSchool informed affected districts on January 7, 2025. At that time, the company paid a ransom and received a video allegedly proving that the stolen data had been deleted. This led the company to believe the situation was under control.
A Second Ransom Attempt
However, that assumption has now been challenged. TDSB Director of Education Clayton La Touche issued a letter confirming that the board received a new extortion message. The attacker claimed to still have sensitive data from the breach and requested additional payment.
La Touche explained that the compromised application stores a wide range of student information and limited school staff data. According to sources, at least four other school boards have received similar threats.
PowerSchool has not disclosed the total number of affected customers but acknowledged the renewed threats in a public statement. The company said it is supporting all impacted clients.
TDSB’s Response Measures
In response to the renewed threat, TDSB activated its cybersecurity response plan and is working with PowerSchool to investigate the situation thoroughly. The board is still assessing what information may have been accessed or exported.
PowerSchool stated that the data accessed by the hacker had been deleted and no copies were found online. However, the new ransom messages have raised doubts about the validity of that claim.
TDSB has reported the incident to the Information and Privacy Commissioner of Ontario and pledged to notify the public if any personal data is confirmed to be compromised.
“We understand that this news may cause concern and are doing everything possible to gather accurate information from PowerSchool,” La Touche said in his letter.
PowerSchool’s Statement and Actions
PowerSchool maintains that this is not a new breach. The company said the latest data samples match those taken in December, indicating a continuation of the original attack rather than a new one.
Law enforcement agencies in both Canada and the United States have been informed. PowerSchool also notified all schools using its Student Information System (SIS).
The company said it regrets that its clients are being targeted again and acknowledged the tough decision to pay the initial ransom. “We believed paying was in the best interest of our customers, students, and communities,” the statement said.
While the hacker provided a video showing data deletion, PowerSchool admitted there was always a risk the attacker would break the agreement.
Support for Affected Users
To help school communities deal with potential fallout, PowerSchool is offering credit monitoring and identity protection for two years to all students and staff of SIS customers, whether or not their individual data was involved.
The company said it remains committed to transparency and is working to rebuild trust.
Impact on the Education Sector
This incident has highlighted the need for stronger cybersecurity in education. School boards will likely reassess their data protection strategies and vendor relationships.
As the investigation continues, students, parents, and staff remain uncertain about the extent of the exposure and await further updates.
TDSB assured stakeholders that more information will be shared as it becomes available. “We will continue to update the community as we learn more,” La Touche stated.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
