PowerSchool paid a hacker’s ransom, but now schools say they are being extorted

Months aft the hacked acquisition bundle shaper PowerSchool paid a hacker’s ransom to delete the company’s banks of stolen pupil data, astatine slightest 1 schoolhouse territory says it is present being extorted by idiosyncratic who said the information was not destroyed.

PowerSchool, which provides its K-12 bundle to thousands of schools to enactment 60 cardinal students crossed North America, was hacked successful December 2024 utilizing a azygous stolen credential, which allowed a hacker wide access to PowerSchool’s stores of personally identifiable pupil and teacher data, including Social Security numbers and wellness data.

The institution said astatine the clip that it had paid the hacker a ransom to allegedly delete the stolen data, but it has repeatedly refused to disclose the sum it paid.

Now, Toronto’s territory schoolhouse board, which serves astir 240,000 students each year, said in a statement that earlier this week it had “received a connection from a menace histrion demanding a ransom utilizing information from the antecedently reported incident.” 

Several different schools successful North America received extortion notes, including crossed North Carolina, per section media. 

PowerSchool confirmed that it had paid the ransom astatine the time, saying the institution “thought it was the champion enactment for preventing the information from being made public.” 

Some cybersecurity professionals and instrumentality enforcement person agelong discouraged victims from paying a ransom arsenic determination are nary guarantees that the hackers volition instrumentality to their connection erstwhile claiming to delete stolen data. As evidenced by past ransomware and extortion incidents, immoderate gangs were aboriginal recovered to person retained immense amounts of stolen unfortunate data, often to revictimize affected individuals with further extortion attempts.

In a connection shared with customers this week, seen by TechCrunch, PowerSchool said it “recently became alert that a menace histrion has reached retired to immoderate PowerSchool SIS customers successful an effort to extort them utilizing data” from the December 2024 breach.

Beth Keebler, a spokesperson for PowerSchool, told TechCrunch that the institution does not deliberation this is simply a caller incidental due to the fact that “samples of information lucifer the information antecedently stolen successful December.”

PowerSchool has not yet said however galore individuals are affected by its information breach. Several schoolhouse districts that utilized PowerSchool astatine the clip of the breach told TechCrunch that “all” of their humanities pupil and teacher information was compromised

In the lawsuit of Toronto’s schoolhouse district, the stolen records day backmost to astatine slightest 2009 and are apt to impact millions of people.