PowerSchool, a major education technology provider, experienced a significant data breach last year, compromising the personal information of millions of students, including Social Security numbers, health, and disciplinary records. Following the breach, PowerSchool paid hackers an undisclosed sum in exchange for a video demonstrating the deletion of the stolen data. However, the situation escalated further as a threat actor used the stolen information to extort various school districts across the U.S. and Canada.
PowerSchool acknowledged the ongoing extortion attempts, confirming that multiple school districts had received threatening emails containing personal data, such as names, contact details, birthdays, and medical information. Notable affected districts include authorities from North Carolina and Canada, including the Peel District School Board and the Toronto District School Board, which both reported similar communications this week.
While the origin of the current extortion attempts remains unclear, PowerSchool informed that the data being used matches samples from the December 2024 breach, suggesting a possibility that the original hackers are either behind the extortion or have shared the stolen data. In response, PowerSchool has reported the incidents to law enforcement in both the U.S. and Canada and is collaborating with affected school districts to provide support.
PowerSchool, which became prominent during the COVID pandemic by offering software for streamlining educational processes, faces a growing challenge in maintaining trust amid such significant security lapses. The company expressed regret over the predicament faced by its customers, emphasizing the risks associated with data breaches and the subsequent exploitation of stolen information.
Note: The image is for illustrative purposes only and is not the original image associated with the presented article. Due to copyright reasons, we are unable to use the original images. However, you can still enjoy the accurate and up-to-date content and information provided.
