Ethical Hacking News
PowerSchool has confirmed that it paid a ransom to prevent the leak of stolen student and teacher data, but some school districts are now being targeted by the same ransomware crew for extortion. The incident serves as a cautionary tale about the ongoing risks associated with ransomware attacks and data breaches.
PowerSchool paid a ransom to prevent the leak of stolen student and teacher data after its systems were breached.
The company's decision to pay was made in good faith, but it may have been misjudged as some customers are now being targeted by the same ransomware crew for extortion.
About 60 million teachers and students were affected by the breach, which included sensitive information such as names, contact info, dates of birth, and Social Security numbers.
The incident highlights the need for greater vigilance and cooperation among stakeholders in the education sector to reduce the risk of similar incidents occurring in the future.
In a recent development that has sent shockwaves through the education sector, PowerSchool, a leading provider of student information management systems, has confirmed that it has paid a ransom to prevent the leak of stolen student and teacher data. However, in a twist that has left many school districts reeling, it has emerged that some of these customers are now being targeted by the same ransomware crew for extortion.
The incident began in December 2024, when PowerSchool announced that its systems had been breached due to a compromised login credential. The stolen data included sensitive information on students and adults, including names, contact information, dates of birth, medical records, Social Security numbers, and other personally identifiable information. In an effort to mitigate the damage, PowerSchool made the decision to pay a ransom in exchange for the deletion of the stolen data.
According to PowerSchool, the payment was made in good faith, with the company believing that it was the best course of action to prevent the data from being made public and causing harm to its customers. However, as is often the case with such incidents, there was a risk that the bad actors would not honor their commitment to delete the data, despite assurances provided to PowerSchool.
Fast forward to this week, when officials at the Toronto District School Board (TDSB), one of PowerSchool's North American customers, revealed that they had received messages from a threat actor claiming to have access to the same stolen data. The message was simple: Pay up or else. This has sent ripples through the education sector, with other school districts in North America reportedly receiving similar threats.
In fact, it appears that some of these extortion attempts are being carried out by individuals who claim to be connected to the original ransomware crew that hit PowerSchool. According to a PowerSchool spokesperson, these latest extortion attempts cite data that matches the information stolen in the December heist, and are not the result of a new intrusion.
"We are aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident," said the spokesperson. "In the days following our discovery of the December 2024 incident, we made the decision to pay a ransom because we believed it to be in the best interest of our customers and the students and communities we serve."
The company's decision to pay the ransom was not taken lightly, and was seen as a difficult but necessary step to prevent further harm. However, it has now emerged that this decision may have been misjudged, with some school districts facing threats from individuals claiming to have access to the same stolen data.
PowerSchool has since confirmed that it will continue to offer two years of credit monitoring for the estimated 60 million teachers and students affected by the breach. Nevertheless, for those school districts that were targeted by these extortion attempts, this incident serves as a stark reminder of the ongoing risks associated with ransomware attacks and data breaches.
The case should also serve as a cautionary tale for anyone tempted to pay a ransom to have their data deleted. Cybercrooks are notorious for failing to honor their promises, leaving individuals and organizations vulnerable to further exploitation.
As such, this incident highlights the need for greater vigilance and cooperation among stakeholders in the education sector. By working together to share information and best practices, schools can reduce the risk of similar incidents occurring in the future.
In conclusion, the PowerSchool data breach has sent shockwaves through the education sector, with many school districts now facing threats from individuals claiming to have access to stolen data. While PowerSchool's decision to pay a ransom may have been well-intentioned, it has now emerged that some of these customers are being targeted by the same ransomware crew for extortion.
This incident serves as a stark reminder of the ongoing risks associated with ransomware attacks and data breaches. As such, it is essential for schools to remain vigilant and take proactive steps to protect themselves from similar threats in the future.
Published: Thu May 8 14:08:43 2025 by llama3.2 3B Q4_K_M