- PiWerschool school software provider has endangered staff and students in danger
- Individual schools are now targeted using the same data
- Powerschool paid for the ransom, but the data was not wiped
Pirates who struck Powerschool in 2024 now target individual schools and extort them for ransom, threatening to disclose information on stolen students and staff.
“Powerschool is aware that a threat player has contacted several school customers to try to extort them using data from the previously reported incident in December 2024,” the organization confirmed.
Powerschool is a high-level training software platform with more than 17,000 customers covering 90 countries and supporting more than 50 million students. A cyber attack in December 2024 led personal data of 62 million students and 9 million teachers exfiltrated by attackers, with more than 6,500 school districts in the United States and Canada.
Risky students
Powerschool paid for cybercriminal ransom in the hope that they would wipe stolen data, but as these recent incidents use information corresponding to what was stolen in December piracy, it seems clear that it was not the case.
“It was a difficult decision and that our management team did not take lightly,” said the company.
“But we thought it was the best option to prevent the data from being made public, and we estimated that it was our duty to take this action. As is always the case with these situations, there was a risk that the bad players will not delete the data they stole, despite the insurance and the evidence provided to us.”
Exfiltrated data include personally identifiable information such as social security numbers, names, addresses and even medical information.
As such, the company recommends that anyone affected to take advantage of the two years of free software for credit surveillance and protection against identity theft to mitigate the risks laid by stolen information.
Powerschool apologized for the threats posed by the violation and confirmed that it would continue to work with the law enforcement organizations to mitigate damage and respond to extortion attempts.
Via Bleeping Compompute
