In December 2024, PowerSchool, a central educational tech platform, became the target of one of the largest breaches in the history of US schools. The breach affected approximately 62 million students and 9.5 million teachers across the US and Canada. Initially, the company paid a ransom to prevent further damage. Still, as the aftermath unfolds, the situation has taken an even darker turn: the attackers are now targeting teachers with extortion demands. Hackers threaten to release the stolen data unless additional payments are made.
What’s Happening & Why This Matters
The breach compromised a vast amount of sensitive information, including student and parent names, addresses, GPAs, Social Security numbers, and email addresses. To reduce further harm, PowerSchool reportedly paid the attackers a ransom. However, despite assurances from the hackers that the data would be deleted, it quickly became apparent that these assurances were nothing more than a cover-up. The bad actors have continued to threaten schools and individuals, extorting additional funds.
Vanessa Wrenn, the chief information officer for the North Carolina Department of Public Instruction, confirmed that emails were sent to various public schools and local educational agencies, demanding payment. The attackers have resumed their threats despite the ransom payment, demanding further payments for the compromised data. Dr. Darren Williams, CEO of the ransomware prevention platform BlackFog, explains that this type of attack is known as “double extortion.” In such cases, attackers steal data and continue to hold it hostage, demanding additional payouts as long as the data remains valuable.
The damage from this attack continues to be felt across North America, with PowerSchool’s clients —including 75% of K-12 students in the US — still under threat. The company has confirmed that the recent threats are not from a new breach; instead, the stolen data continues to be used against schools.
PowerSchool’s Response & The Ongoing Risk
PowerSchool has reported incidents to law enforcement across the US and Canada in response to these new threats. However, as the attackers’ identities remain unknown, it is unclear if authorities can prevent further extortion attempts. PowerSchool has reassured its clients that no new data has been stolen, but the extent of the breach and the persistence of the attackers raise questions about the platform’s security.
The attack’s repercussions go beyond the initial breach. With more than 18,000 clients, PowerSchool serves a vast portion of North America’s educational sector. This means that millions of students and educators are caught in the crossfire of this ongoing extortion. Moreover, PowerSchool’s status as a publicly traded company, with a $5.6 billion acquisition by Bain Capital in 2024, adds another layer of complexity to the situation.
The targeting of individual school districts for further ransom payments exposes educational institutions to cybercrime. PowerSchool’s CEO expressed regret over the situation, emphasizing the distress caused to customers who are now facing re-victimization.
TF Summary: What’s Next
The attack on PowerSchool warns about the risks of data breaches in the education sector. Despite paying a ransom, the attackers’ persistence undermined the company’s efforts to protect its customers. Now that schools are targets, it is clear that the cycle of extortion will continue to affect educators and students without further action.
Law enforcement is working alongside educational platforms to ensure the safety and security of our most sensitive, private data.
— Text-to-Speech (TTS) provided by gspeech