FlagThis - #powerschool

PowerSchool, a major education technology vendor, is grappling with the aftermath of a December cyberattack. Despite paying a ransom to the perpetrators in an attempt to prevent the release of stolen data, the hacker is now directly extorting individual school districts. The threat actor is demanding additional ransom payments from these districts, threatening to release sensitive student and teacher data if their demands are not met. This turn of events highlights the challenges and risks associated with paying ransoms in cyber extortion cases, as it does not guarantee the deletion of stolen data.

This situation has prompted a warning from PowerSchool to its customers. The company acknowledges that a threat actor has contacted multiple school districts, attempting to extort them using data from the December 2024 incident. PowerSchool maintains that this is not a new breach, as the data samples match those stolen previously. Law enforcement has been notified and is now involved in the investigation. The incident raises concerns about the ongoing security risks faced by organizations when vendors in their supply chain are targeted by cyberattacks.

PowerSchool provides cloud-based software to K-12 schools and districts, supporting over 60 million students across 18,000 customers in more than 90 countries. The company made the decision to pay the initial ransom because it believed it was in the best interest of its customers and communities. They understood the risks that the bad actors might not delete the data despite assurances. The Toronto District School Board, a PowerSchool customer, voiced doubts about the ransomware crew's deletion of data, emphasizing the ongoing pressure on school officials to prevent data leaks.


References :

• bsky.app: Infosec Exchange Post - PowerSchool's December breach is now extorting schools
• cyberscoop.com: CyberScoop article about PowerSchool customers hit by downstream extortion threats.
• The Register - Security: Details on hacker now extorting school districts after paying ransom to PowerSchool
• The DefendOps Diaries: Report discussing the PowerSchool data breach and its implications.
• BleepingComputer: BleepingComputer article about PowerSchool hacker now extorting individual school districts.
• www.bleepingcomputer.com: BleepingComputer reports on PowerSchool hacker extorting school districts.
• cyberscoop.com: PowerSchool customers hit by downstream extortion threats
• BleepingComputer: PowerSchool hacker now extorting individual school districts
• malware.news: PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (2)
• DataBreaches.Net: PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
• PCMag UK security: UK PCMag covers PowerSchool attackers extorting teachers.
• go.theregister.com: PowerSchool paid thieves to delete stolen student, teacher data. Crooks may have lied Now individual school districts extorted by fiends
• Metacurity: PowerSchool hackers are extorting schools despite the company's ransom payment

Classification:

• HashTags: #DataBreach #Extortion #PowerSchool
• Company: PowerSchool
• Target: School districts
• Product: PowerSchool
• Feature: Data Extortion
• Type: Ransomware
• Severity: Major