A big company that makes technology for schools paid hackers to keep tens of millions of kids’ personal information from getting out. Even so, school districts are being threatened with bribery anyway.
NBC News got a copy of a cybersecurity report that said PowerSchool missed a basic security step. The company was hacked last year, causing one of the biggest breaches of personal data about American children to date. Hackers are said to have asked PowerSchool for an undisclosed payment in return for a video of them saying they would delete the files they had stolen, which contained personal information like some students’ SSNs and health and disciplinary records.
PowerSchool and several school districts said Wednesday that “a threat actor” is using the stolen data to try to get money from schools and school districts in both the U.S. and Canada.
“PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident,” a statement from PowerSchool reads. “We do not believe this is a new incident, as samples of data match the data previously stolen in December.”
In a public notice, Mo Green, Superintendent of the North Carolina Department of Public Instruction, said that extortion emails were sent to public schools across the state on Wednesday morning. He said it looks like the threat actor has the names, contact information, birthdays, medical information, parental information, and sometimes even Social Security numbers of students and workers.
The Peel District School Board in Ontario and the Toronto District School Board are two Canadian school boards that have said they are also victims. This week, the Calgary Board of Education also sent a warning to parents based on information it got from PowerSchool.
Right away, it wasn’t clear who was trying to pressure someone into paying money. PowerSchool said it thinks the threat actor is using data that was stolen in the first incident last year. This means that either the hackers who stole the data are behind the current attempts or they kept it and let other people access it.
Law officials in both the US and Canada have been told about this, and we are working closely with our customers to help them. PowerSchool said in a statement, “We deeply regret these developments. It hurts us that our customers are being threatened and again victimised by bad actors.”
It said, “As is always the case in these situations, there was a chance that the bad guys would not delete the data they stole, even though they gave us assurances and proof.”
It’s not clear if the new move to blackmail other American school districts also failed. PowerSchool wouldn’t say who the victims were, only saying that it knew of “multiple school district customers.” Most states in the U.S. have at least one school system that was affected by the first breach.
PowerSchool is one of the biggest companies in the field of educational technology, which grew a lot during the Covid plague and uses software to make school work easier. The company’s servers kept records of kids’ names, family members, addresses, and birthdays as part of one of its main programs that helps school districts keep track of them.
About The Author
More Stories
Hackers Demand Ransom from School Districts Following Education Technology Data Leak
Hackers Demand Ransom from School Districts Following Education Technology Data Leak
Hackers Demand Ransom from School Districts Following Education Technology Data Leak