Hackers Extort US School Districts Following PowerSchool Data Breach, Original Ransom Paid

• U.S. school districts are being extorted following the December 2024 PowerSchool data breach.
• Cybercriminals leverage sensitive student information from the breach to demand ransoms.
• PowerSchool admitted to paying a ransom to the hackers responsible for the original breach.

Several U.S. school districts recently faced extortion attempts. The attacks leverage stolen data obtained from PowerSchool, a California-based educational software and cloud services provider. 

On Wednesday, PowerSchool confirmed that threat actors had contacted several school districts, attempting to extort them by exploiting the stolen data, according to Reuters. 

To mitigate potential harms, PowerSchool admitted to paying a ransom to the hackers responsible for the original breach. 

PowerSchool, which serves over 60 million students globally, disclosed details of a significant data breach in December 2024. The breach exposed sensitive student information, including names, contact information, dates of birth, Social Security numbers, and limited medical alert data.

The company justified this decision by citing the best interests of its customers and student communities, stating that the hackers provided "assurances and evidence" that the stolen data would be deleted.

Despite PowerSchool's disclosure, the exact extent of the current extortion attempts remains unclear. Sources indicate that at least four school districts have been directly targeted, though their locations have not been specified. 

It has not been confirmed if the hackers behind the original breach are also responsible for the extortion attempts. 

Last year, Highline Public Schools was the victim of an unclaimed cyberattack that suspended all school activities. Pembina Trails School Division was also hit by Rhysida Ransomware, and the stolen data ended up for sale on a breach forum.

Recently, a new Fog ransomware variant was discovered to target US sectors, 80% of them being in education. Threat actors were able to access victim environments by leveraging compromised VPN credentials.

According to Verizon’s 2024 Data Breach Investigations Report, the educational services sector faced a significant threat from malware, hacking, and social engineering, with incidents in 2023 reaching 1,780, of which 1,537 involved confirmed data disclosure.