Hackers behind PowerSchool breach now extorting victims

May 13, 2025

PowerSchool has disclosed that the threat actor behind last December’s cyberattack is now extorting schools individually.

Reports stated that the attackers threatened to release stolen student and teacher data unless a ransom was paid.

The company confirmed that it is aware of a threat actor contacting several school district customers in an extortion attempt, using data compromised in the previously reported December 2024 incident.

The data samples match those stolen during that event, indicating that this is not a new incident.

PowerSchool has alerted law enforcement in both the US and Canada and is working with affected customers to support them.

PowerSchool apologises for the new developments about the attacks.

PowerSchool expressed regret over the situation, stating it is distressing to see its clients threatened and victimised again by malicious actors.

Moreover, it has apologised for the ongoing threats from the breach and pledges to continue working with customers and law enforcement to address these extortion attempts.

The company also advises students and faculty to utilise its complimentary 24-month credit monitoring and identity protection services to protect themselves from fraud and theft attempts.

The organisation has published more information about these services in its security incident FAQ. PowerSchool also reflected on its decision to pay the ransom demand, describing it as a difficult choice made to protect its customers.

The company recognised that organisations facing ransomware or data extortion attacks must confront very difficult and carefully calculated decisions. After discovering the December 2024 incident, PowerSchool opted to pay the ransom, believing it was in the best interest of its clients, students, and communities.

According to the statement, PowerSchool’s leadership took this decision seriously. They believed that paying the ransom was the most prudent step in preventing the public release of stolen data.

However, they acknowledged the risks involved, including the possibility that the threat actors might not delete the stolen data, despite the assurances they provided.

Organisations that fall victim to ransomware attacks should refrain from giving threat actors what they want, as there is no assurance that these individuals will hold up their end of the bargain.
