@cyberscoop.com
//
A 19-year-old college student from Worcester, Massachusetts, Matthew Lane, has agreed to plead guilty to charges related to a massive cyberattack on PowerSchool, a cloud-based education software provider. The cyberattack involved extorting millions of dollars from PowerSchool in exchange for not leaking the personal data of millions of students and teachers. Lane exploited stolen credentials to gain unauthorized access to PowerSchool's networks, leading to the theft of sensitive student and teacher data.
The data breach is considered one of the largest single breaches of American schoolchildren's data, affecting approximately 62.4 million students and 9.5 million teachers. According to court documents, Lane obtained stolen data from a U.S. telecommunications company before targeting PowerSchool. After the initial victim refused to pay a ransom, Lane allegedly sought to hack another company that would pay. The stolen information included sensitive details like Social Security numbers and academic records.
Lane will plead guilty to multiple charges, including cyber extortion conspiracy, cyber extortion, unauthorized access to protected computers, and aggravated identity theft. The incident has been described by authorities as a serious attack on the economy, with the potential to instill fear in parents regarding the safety of their children's data. This case highlights the increasing risk of cyberattacks targeting educational institutions and the importance of robust cybersecurity measures to protect student and teacher data.
References :
- cyberscoop.com: Massachusetts man will plead guilty in PowerSchool hack case
- DataBreaches.Net: Massachusetts hacker to plead guilty to PowerSchool data breach
- BleepingComputer: A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers.
- The DefendOps Diaries: Explore the PowerSchool data breach, its impact on education tech, and lessons for cybersecurity.
- BleepingComputer: PowerSchool hacker pleads guilty to student data extortion scheme
- www.bleepingcomputer.com: A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers. [...]
- cyberinsider.com: PowerSchool Hacker to Plead Guilty for Extortion Affecting Millions
- Threats | CyberScoop: Massachusetts man will plead guilty in PowerSchool hack case
- techcrunch.com: US student agrees to plead guilty to hack affecting tens of millions of students
- The Register - Security: US teen to plead guilty to extortion attack against PowerSchool
- CyberInsider: PowerSchool Hacker to Plead Guilty for Extortion Affecting Millions
- hackread.com: 19-Year-Old Admits to PowerSchool Data Breach Extortion
Dissent@DataBreaches.Net
//
In December 2024, PowerSchool, a major provider of K-12 software serving 60 million students across North America, experienced a significant data breach. Hackers gained access to sensitive student and teacher data, including personally identifiable information such as Social Security numbers and health data, through a single stolen credential. The company, believing it was the best course of action, paid an undisclosed ransom to the threat actor to prevent the data from being made public; however, this has proven unsuccessful.
Months later, it has been revealed that the threat actors are now directly targeting individual school districts with extortion demands, using the stolen data from the initial breach. The Toronto District School Board (TDSB), along with other schools in North America, has confirmed receiving ransom demands from the attackers. The exposed information includes names, contact details, birth dates, Social Security numbers, and even some medical alert data. PowerSchool has confirmed that these extortion attempts are related to the original breach and is working with law enforcement.
Cybersecurity experts have warned against paying ransoms, as there is no guarantee that hackers will delete the stolen data. This case exemplifies the risk of paying extortion demands, as the threat actors have resurfaced to revictimize affected individuals and institutions with additional demands. PowerSchool is offering two years of free identity protection to affected individuals; however, it will face pressure to improve its security and reassure stakeholders that it can prevent similar incidents in the future.
References :
- bsky.app: The hacker behind PowerSchool's December breach is now extorting schools, threatening to release stolen student and teacher data.
- Threats | CyberScoop: The large education tech vendor was hit by a cyberattack and paid a ransom in December. Now, a threat actor is attempting to extort the company’s customers with stolen data.
- The Register - Security: PowerSchool paid thieves to delete stolen student, teacher data. Crooks may have lied
- The DefendOps Diaries: Report discussing the PowerSchool data breach and its implications.
- BleepingComputer: PowerSchool is warning that the hacker behind its December cyberattack is now individually extorting schools, threatening to release the previously stolen student and teacher data if a ransom is not paid. [...]
- www.bleepingcomputer.com: BleepingComputer reports on PowerSchool hacker extorting school districts.
- cyberscoop.com: PowerSchool customers hit by downstream extortion threats
- BleepingComputer: PowerSchool hacker now extorting individual school districts
- malware.news: PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (2)
- DataBreaches.Net: PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
- PCMag UK security: UK PCMag covers PowerSchool attackers extorting teachers.
- go.theregister.com: PowerSchool paid thieves to delete stolen student, teacher data. Crooks may have lied Now individual school districts extorted by fiends
- Metacurity: PowerSchool hackers are extorting schools despite the company's ransom payment
- techcrunch.com: TechCrunch article on PowerSchool being hacked.
- hackread.com: PowerSchool Paid Ransom, Now Hackers Target Teachers for More
- : Teachers report that bad actors are now targeting them with threatening emails demanding payment following a massive 2024 breach affecting schools across the US and Canada. One of the largest hacks of US schools continues as teachers across the country say that threat actors are extorting them for more money and threatening to release the data.
- www.metacurity.com: PowerSchool hackers are extorting schools despite the company's ransom payment
- thecyberexpress.com: Toronto School Board Hit with Extortion Demand After PowerSchool Data Breach
- Blog: PowerSchool clients now targeted directly by threat actor
- cyberinsider.com: PowerSchool Ransom Fallout: Extortion Attempts Hit Schools Months After Data Breach
- www.techradar.com: PowerSchool hackers return, and may not have deleted stolen data as promised
- malware.news: Double-extortion tactics used in PowerSchool ransomware attack
- CyberInsider: Months after paying a ransom to suppress the fallout of a major data breach, PowerSchool is facing renewed turmoil as threat actors have begun extorting individual school districts using the same stolen data.
- Matthew Rosenquist: More extortions, same - a perfect example of how not to deal with risks. The nightmare continues for schools, students, and teachers whose private data was exposed by PowerSchool.
- matthewrosenquist.substack.com: PowerSchool data breach round 2 extortions
- aboutdfir.com: Reports an education tech provider paid thieves to delete stolen student, teacher data.
- MeatMutts: The educational sector has been rocked by a significant data breach involving PowerSchool, a leading education technology provider serving over 60 million students globally.
- aboutdfir.com: PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied An education tech provider that paid a ransom to prevent the leak of stolen student and teacher data is now watching its school district customers get individually extorted by either the same ransomware crew that hit it – or someone connected to
Sergiu Gatlan@BleepingComputer
//
The Ransomware-as-a-Service (RaaS) group Hunters International has reportedly shifted its focus from ransomware to data extortion, rebranding itself as "World Leaks" on January 1, 2025. This change in tactics signals a new era in cybercrime, driven by the declining profitability of ransomware and increased scrutiny from law enforcement and governments worldwide. Group-IB researchers revealed that the group's senior personnel decided ransomware was becoming too "unpromising, low-converting, and extremely risky," leading to the development of an extortion-only operation.
The group is reportedly leveraging custom-built exfiltration tools to automate data theft from victim networks, enhancing its ability to carry out extortion-only attacks. Cybersecurity researchers have also linked Hunters International to the infamous Hive ransomware group. While Hunters International denies being a direct continuation of Hive, evidence suggests that it acquired Hive’s source code and operational tools. The group targets various industries, including healthcare, real estate, and professional services, across North America, Europe, and Asia.
References :
- The DefendOps Diaries: Hunters International's shift to data extortion: a new era in cybercrime.
- BleepingComputer: The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks.
- Cyber Security News: Hunters International Linked to Hive Ransomware in Attacks on Windows, Linux, and ESXi Systems
- The Register - Security: Crimelords at Hunters International tell lackeys ransomware too 'risky'
- securityboulevard.com: Details of the rebranding and shift in focus to extortion by Hunters International.
- bsky.app: The Hunters International ransomware group is shutting down and rebranding as World Leaks – an extortion-only operation.
- The420.in: The ransomware-as-a-service (RaaS) operation Hunters International has announced a strategic pivot—shutting down its encryption-based ransomware campaigns and rebranding as a new extortion-only group known as “World Leaks.”