Several school districts are being threatened with extortion by a "threat actor" months after a hacker breached into data storage containing children's personal information.
The situation comes after PowerSchool, one of the largest providers of education tech, paid off hackers to not publish tens of millions of kids' personal information. A cybersecurity audit previously concluded that the company missed a basic cybersecurity step.
Hackers Threaten School Districts With Extortion
It was hacked last year, which resulted in what is considered one of the largest breaches to date of American children's data. PowerSchool reportedly paid the hackers an undisclosed sum of money in exchange for a video that purportedly showed the suspects deleting the files they stole.
The data that was breached included some students' Social Security numbers and other sensitive information, such as health and disciplinary records. The latest extortion threats are trying to get money from schools and school districts in both the United States and Canada, according to NBC News.
In a Wednesday statement, PowerSchool said it was aware of a threat actor that had reached out to several school district customers. This was reportedly in an attempt to extort them using the stolen data from the December 2024 incident.
Read more: Australian Teen Breaches Security, Brings Shotgun on Plane Before Passengers Overpower Him
North Carolina Department of Public Instruction Superintendent Mo Green released a public bulletin noting that public schools across the state received extortion emails on Wednesday morning.
It could not be immediately established whether or not the original hackers behind the incident last year are also responsible for the latest extortion threats. The exact locations of the schools and school districts that were threatened have not been revealed to the public, Channel News Asia reported.
PowerSchool Data Hack
PowerSchool is a company that provides various cloud-based software, including student information systems, ranging from K-12 schools and districts. It is supporting more than 60 million students and 18,000 customers in more than 90 different countries.
The incident last year started when PowerSchool identified suspicious activity on Dec. 28, 2024. CrowdStrike started an investigation into the circumstances behind the hack the day after the activity was discovered.
The assailants were able to gain access to the company's system with a compromised credential for a support user in the company's PowerSource support portal. An investigation report in late February this year revealed that the hackers had a level of access including SIS database instances for maintenance purposes, as per Cyberscoop.
The hackers reportedly stole data from the "teachers" and "students" tables of the company's SIS instances. CrowdStrike said that it did not find any evidence of system-layer access or malware at the time.
