Months after PowerSchool paid a ransom to hackers to secure and delete stolen student and teacher data, schools across North America are now reporting extortion attempts, suggesting the cybercriminals never actually deleted the data as promised. [NBC News; Education Week, subscription model]
Catch up: In December 2024, PowerSchool was hacked using a stolen credential, granting attackers access to vast amounts of sensitive information, including Social Security numbers, health and disciplinary records, and special education status, on students and educators across its customer base of 60 million users. The company paid an undisclosed ransom and received a video of the hackers deleting some of the data.
What’s New
Several school districts are now reporting new ransom demands from what appears to be the same or a connected cybercriminal group. This represents a troubling shift from centralized attacks to targeted extortion of individual school systems, educators, and potentially even families.
- In North Carolina, officials say staff across more than 20 school districts received emails demanding Bitcoin payments in exchange for keeping student data private.
The escalation is especially concerning because it includes outreach to personal email accounts and broad-based targeting with no clear pattern, indicating the hackers are scraping the web for any accessible contacts.
Go Deeper
- PowerSchool Paid Ransom to Hackers After Breach [The Wall Street Journal, subscription model]
- PowerSchool Paid Off Hackers After Huge Breach — Now They’re Extorting Districts [The 74]
- PowerSchool says it paid a ransom in December cyberattack [Axios]
- PowerSchool paid a hacker’s ransom, but now schools say they are being extorted [TechCrunch]
This article is sourced from Whiteboard Notes, our weekly newsletter of the latest education policy and industry news read by thousands of education leaders, investors, grantmakers, and entrepreneurs. Subscribe here.
