One of the largest hacks of US schools continues as teachers across the country say that threat actors are extorting them for more money and threatening to release the data.
“We received about 50 emails to various employees at the department of public instruction and confirmed that 20 local education agencies were contacted through emails,” Vanessa Wrenn, chief information officer for the North Carolina department of public instruction, tells North Carolina’s WXII.
The December 2024 breach compromised the data of an estimated 62 million children and 9.5 million teachers via the education tech platform PowerSchool. The company confirmed the attack and paid an undisclosed ransom in exchange for a video of the hackers deleting the data, which we are now learning did not happen.
“As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us,” says PowerSchool. “We sincerely regret these developments – it pains us that our customers are being threatened and re-victimized by bad actors.”
The data varies by school, but information such as student and parent names, ethnicity, home addresses, GPAs, email addresses, and Social Security numbers were exposed. The hackers are now requesting additional ransoms from individual schools for this data, as one Toronto district outlined in a letter this week to parents and guardians.
“In this case, even after a ransom was paid, attackers reportedly continued targeting individual school districts for additional payouts,” Dr. Darren Williams, CEO of ransomware prevention platform BlackFog, tells us. “That’s the harsh reality of double extortion: once data is stolen, threat actors hold the upper hand indefinitely.”
PowerSchool says the fresh threats do not contain new data and that there is no evidence of another breach. The company says it has reported incidents from “multiple school districts” to law enforcement in the US and Canada. It’s unclear if anything can be done to stop the threat actors, whose identity remains unknown.
Recommended by Our Editors
Threat actors know “that victims are likely to pay under pressure,” Williams adds, allowing them to “push the limits” to get the most money per incident.
PowerSchool has over 18,000 clients, covering 75% of K-12 students across North America and 60 million in the US, News reports. It is a public company, acquired by Bain Capital in 2024 for $5.6 billion.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Emily Forlini
Senior Reporter
