PowerSchool breach exposes millions of student records despite ransom payment
Tshedimoso Makhene
May 15, 2025

PowerSchool, a major education tech provider, paid hackers to prevent the release of stolen student data, but school districts are still facing extortion attempts. This follows a widespread data breach.
What happened
PowerSchool, one of the largest providers of education technology in the US, paid hackers in an attempt to prevent the public release of tens of millions of students’ personal information. Despite the payment, school districts affected by the breach are now facing fresh extortion attempts, according to a report by NBC News.
The backstory
On December 28, 2024, PowerSchool, a major K–12 education technology provider, suffered a cybersecurity breach in which hackers accessed and exfiltrated sensitive student and teacher data from its Student Information System (SIS). The breach occurred after attackers used stolen credentials to enter PowerSchool’s internal support portal, PowerSource, and exploited a maintenance tool to extract personal information, including names, contact details, Social Security numbers, medical alerts, and academic records.
In response, institutions launched investigations, with FCPS working alongside cybersecurity firm CrowdStrike. Although PowerSchool stated the breach had been contained and that no stolen data had been found on the dark web, the company paid a ransom, arranged by incident response firm CyberSteward, hoping the data would be deleted.
What was said
According to NBC News, PowerSchool issued a statement acknowledging the risks involved in trusting the attackers' assurances: “As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us.”
The company also expressed regret over the ongoing fallout, stating, “We have reported this matter to law enforcement both in the United States and in Canada and are working closely with our customers to support them. We sincerely regret these developments—it pains us that our customers are being threatened and re-victimized by bad actors.”
Why it matters
Paying a ransom doesn't ensure that stolen data will be securely erased. The PowerSchool incident demonstrates how victims of ransomware attacks remain susceptible to continued extortion despite paying hackers.
FAQs
Who is responsible for protecting student data?
Both the education technology providers and the schools that use their services share responsibility for safeguarding student information through proper data management and cybersecurity practices.
Can this kind of breach be prevented in the future?
While no system is entirely immune, breaches can be mitigated with strong cybersecurity measures, regular audits, employee training, and secure access protocols.
What steps are taken during a cybersecurity investigation?
Cybersecurity investigations involve identifying how the breach occurred, assessing the extent of the data compromised, securing affected systems, and preventing further attacks.