![[Weekly funding roundup May 3-9] VC inflow into Indian startups touches new high](https://images.yourstory.com/cs/2/220356402d6d11e9aa979329348d4c3e/WeeklyFundingRoundupNewLogo1-1739546168054.jpg)
PowerSchool hackers return, and may not have deleted stolen data as promised
Individual school districts are now being extorted.
- A hack on school software provider PowerSchool has put staff and students at risk
- Individual schools are now being targeted using the same data
- PowerSchool did pay the ransom, but the data was not wiped
The hackers which struck PowerSchool in 2024 are now reportedly targeting individual schools and extorting them for ransom, threatening to release previously stolen student and staff information.
“PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident,” the organization confirmed.
PowerSchool is a top education software platform with over 17,000 customers spanning 90 countries, and supporting over 50 million students. A cyberattack in December of 2024 led to the personal data of 62 million students and 9 million teachers exfiltrated by attackers, with over 6,500 school districts in the US and Canada affected.
Save up to 68% for TechRadar readers!
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.
Preferred partner (What does this mean?)View Deal
Students at risk
PowerSchool paid the ransom to the cybercriminals in hopes they would wipe the data stolen, but since these recent incidents are using information matching that which was stolen in the December hack, it seems quite clear that this was not the case.
“It was a difficult decision, and one which our leadership team did not make lightly," the company said.
"But we thought it was the best option for preventing the data from being made public, and we felt it was our duty to take that action. As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us.”
The exfiltrated data includes personally identifiable information like Social Security Numbers, names, addresses, and even medical information.
As such, the firm recommends anyone affected take advantage of the two years of free credit monitoring and identity theft protection software to mitigate the risks posed by the stolen information.
PowerSchool apologized for the threats posed by the breach, and has confirmed it will continue to work with law enforcement agencies to mitigate the damages and respond to the extortion attempts.
Via BleepingComputer
You might also like
- Take a look at our picks for the best malware removal software around
- Check out our choice for best antivirus software
- PowerSchool hit by cyberattack which saw student and teacher data stolen
