Overview
- Hackers are now extorting individual school districts using data stolen in the December 2024 PowerSchool breach.
- PowerSchool previously paid an undisclosed ransom to prevent the release of stolen data, but the hackers appear to have retained it.
- The stolen data includes sensitive information such as Social Security numbers, medical records, and contact details for students and teachers.
- PowerSchool has reported these extortion attempts to law enforcement in the U.S. and Canada and is offering two years of credit monitoring to affected individuals.
- Security experts caution against paying ransoms, as there are no guarantees that stolen data will be deleted, a risk highlighted by this incident.