PowerSchool hackers return, and may not have deleted stolen data as promised

schools
(Image credit: Shutterstock.com / Jacob Lund)

  • A hack on school software provider PowerSchool has put staff and students at risk
  • Individual schools are now being targeted using the same data
  • PowerSchool did pay the ransom, but the data was not wiped

The hackers which struck PowerSchool in 2024 are now reportedly targeting individual schools and extorting them for ransom, threatening to release previously stolen student and staff information.

“PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident,” the organization confirmed.

PowerSchool is a top education software platform with over 17,000 customers spanning 90 countries, and supporting over 50 million students. A cyberattack in December of 2024 led to the personal data of 62 million students and 9 million teachers exfiltrated by attackers, with over 6,500 school districts in the US and Canada affected.

Save up to 68% for TechRadar readers!

Save up to 68% for TechRadar readers!

TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.

Preferred partner (What does this mean?)

Students at risk

PowerSchool paid the ransom to the cybercriminals in hopes they would wipe the data stolen, but since these recent incidents are using information matching that which was stolen in the December hack, it seems quite clear that this was not the case.

“It was a difficult decision, and one which our leadership team did not make lightly," the company said.

"But we thought it was the best option for preventing the data from being made public, and we felt it was our duty to take that action. As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us.”

The exfiltrated data includes personally identifiable information like Social Security Numbers, names, addresses, and even medical information.

As such, the firm recommends anyone affected take advantage of the two years of free credit monitoring and identity theft protection software to mitigate the risks posed by the stolen information.

PowerSchool apologized for the threats posed by the breach, and has confirmed it will continue to work with law enforcement agencies to mitigate the damages and respond to the extortion attempts.

Via BleepingComputer

You might also like

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.