Months after education software provider PowerSchool paid a ransom in an effort to secure the deletion of stolen data, multiple school districts report they are now being targeted for extortion by someone claiming that the attacker never erased the Company’s compromised files.
PowerSchool, whose K-12 educational platform supports roughly 60 million students across North America, experienced a significant breach in December 2024. A hacker, using a single stolen credential, gained expansive access to highly sensitive personal information, including students’ Social Security numbers and health data.
In response to the incident, PowerSchool stated at the time that they opted to pay an undisclosed ransom to the hacker, hoping that doing so would prevent the compromised information from ever becoming public. However, the full details of the ransom payment, including the amount, have not been made available.
Earlier this week, the Toronto District School Board, responsible for approximately 240,000 students annually, reported receiving threats from an individual claiming to possess and use the same data that PowerSchool had previously acknowledged was stolen and supposedly deleted. Other districts in North America, including several in North Carolina, have received similar extortion notices.
A representative for PowerSchool confirmed recently that some districts using the company’s educational software have indeed received extortion threats involving the original December breach data. Beth Keebler, a spokesperson for the company, reiterated that this did not represent a new security breach, pointing out that the data samples provided by the extortionist match exactly what was compromised last year.
Security experts and law enforcement agencies typically advise against paying ransoms in cyber incidents since hackers frequently maintain copies of stolen data, often opting to extort victims or sell the information later, regardless of any assurances they may offer.
The company has not said precisely how many people were impacted by the original breach. However, several school districts confirmed the theft involved all their historical student and teacher data. In Toronto’s case, stolen records stretch as far back as 2009, potentially affecting millions of former and current students and educators.
