Hackers behind the 2024 cyberattack on PowerSchool have returned, this time going after individual schools. They're now threatening to leak private data unless schools pay them ransom.
PowerSchool is a major digital platform used in the education sector. It provides services to over 17,000 schools in more than 90 countries, helping around 50 million students. In December 2024, the platform suffered a major data breach where hackers managed to steal large amounts of sensitive information. Reports confirmed that the attackers accessed personal data of about 62 million students and 9 million staff members across more than 6,500 school districts in the US and Canada.
At that time, PowerSchool made the controversial decision to pay the attackers in hopes that the stolen data would be deleted. According to the company, it was not a decision taken lightly. They believed that paying the ransom was the best way to keep the private information from being made public. They were told by the hackers—and shown evidence — that the stolen data would be destroyed. However, it now appears that those promises were not kept.
Recently, schools have reported receiving direct messages from cybercriminals, warning them that the stolen data could be released if more ransom is not paid. These threats are based on the same data from the December breach, suggesting that the attackers never deleted it in the first place.
The stolen information includes highly personal details such as names, Social Security Numbers, home addresses, and even health-related information. This kind of data can be used to commit fraud or identity theft, which puts both students and staff at serious risk.
To reduce the chances of identity misuse, PowerSchool is offering two years of free credit and identity monitoring services to those affected. They also expressed regret for the situation and said they are working closely with law enforcement to handle the latest round of threats and prevent further damage.
This situation stresses upon the danger of trusting cybercriminals, even after a ransom is paid. It also shows how long the effects of a data breach can last, especially when sensitive personal information is involved.
