Wilson's Media

A Tech & Gaming Blog

PowerSchool hackers return, and may not have deleted stolen data as promised

  • A hack on school software provider PowerSchool has put staff and students at risk
  • Individual schools are now being targeted using the same data
  • PowerSchool did pay the ransom, but the data was not wiped

The hackers which struck PowerSchool in 2024 are now reportedly targeting individual schools and extorting them for ransom, threatening to release previously stolen student and staff information.

“PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident,” the organization confirmed.

PowerSchool is a top education software platform with over 17,000 customers spanning 90 countries, and supporting over 50 million students. A cyberattack in December of 2024 led to the personal data of 62 million students and 9 million teachers exfiltrated by attackers, with over 6,500 school districts in the US and Canada affected.

Students at risk

PowerSchool paid the ransom to the cybercriminals in hopes they would wipe the data stolen, but since these recent incidents are using information matching that which was stolen in the December hack, it seems quite clear that this was not the case.

“It was a difficult decision, and one which our leadership team did not make lightly,” the company said.

“But we thought it was the best option for preventing the data from being made public, and we felt it was our duty to take that action. As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us.”

The exfiltrated data includes personally identifiable information like Social Security Numbers, names, addresses, and even medical information.

As such, the firm recommends anyone affected take advantage of the two years of free credit monitoring and identity theft protection software to mitigate the risks posed by the stolen information.

PowerSchool apologized for the threats posed by the breach, and has confirmed it will continue to work with law enforcement agencies to mitigate the damages and respond to the extortion attempts.

Via BleepingComputer

You might also like


Source

A hack on school software provider PowerSchool has put staff and students at risk Individual schools are now being targeted using the same data PowerSchool did pay the ransom, but the data was not wiped The hackers which struck PowerSchool in 2024 are now reportedly targeting individual schools and extorting…

Tags: ,
Previous Post
Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Archives