PowerSchool, a prominent provider of K–12 education software, is alerting school districts that the hacker responsible for its December 2024 data breach is now directly extorting individual schools.
The threat actor is demanding ransoms under the threat of releasing previously stolen student and teacher data.
PowerSchool acknowledged that the extortion attempts are linked to the earlier breach, with data samples matching those stolen in December. The company emphasized that this is not a new incident and has reported the matter to law enforcement agencies in both the United States and Canada. PowerSchool expressed deep regret over the situation, stating, "It pains us that our customers are being threatened and re-victimized by bad actors."
The December breach was initially detected on December 28, 2024, but investigations revealed that unauthorized access occurred as early as August and September 2024. Attackers exploited compromised credentials to access PowerSchool's PowerSource customer support portal, which included a remote maintenance tool. This access allowed them to connect to and download sensitive data from school districts' databases. The stolen information varied by district but could include full names, addresses, Social Security numbers, medical data, grades, and contact details. The hacker claimed to have exfiltrated data from 6,505 school districts, affecting approximately 62.4 million students and 9.5 million teachers.
In an effort to prevent the public release of the stolen data, PowerSchool made the difficult decision to pay a ransom. The company received a video from the threat actor claiming the data had been deleted. However, the recent extortion attempts suggest that the data may still be in the possession of the hacker. This situation underscores the risks associated with paying ransoms, as there is no guarantee that threat actors will honor their commitments.
PowerSchool is offering two years of complimentary credit monitoring and identity protection services to affected students and educators. The company continues to work closely with law enforcement and is providing support to impacted school districts. They have also engaged cybersecurity firm CrowdStrike to conduct a thorough investigation into the breach. As of now, PowerSchool has not disclosed the total number of individuals affected but has committed to transparency as more information becomes available.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
