09-05-2025
Hackers again demand ransom for schools' data
Stolen personal student and teacher information that was supposed to be destroyed after a ransom was paid is now being used to extort individual school districts.
In December, a hacker gained access to personal data for students and teachers around the world in the database for the PowerSchool student information system. PowerSchool told users that the hacker destroyed the data, but now that same data is being used to get ransoms from individual school districts.
Ransom demands have been sent to school districts across the U.S. and Canada, including at least 20 North Carolina school districts and the North Carolina Department of Public Instruction. The hacker wants Bitcoin in exchange for destroying the data, according to Vanessa Wren, chief information officer for DPI.
The North Carolina Department of Public Instruction will not engage with those making the threats, State Superintendent Mo Green said at a news conference Wednesday.
State officials did not release the names of the school districts that received the ransom demand in emails on Wednesday, but Green said they have been told not to engage with those making the threats.
The data affected goes back to 2013, when all North Carolina public schools began using PowerSchool. PowerSchool is used to record information such as student attendance, grades and class schedules. In a decision made before the latest breach, all North Carolina public schools will switch to using a different system called Infinite Campus by July 1.
'It is certainly unacceptable that these families and public servants have had the data compromised again and going through what we just went through a few months ago,' Green said. 'It is completely unfortunate that the perpetrators are preying on innocent children and dedicated public servants.'
Wrenn said PowerSchool believes the new threat is coming from the same hacker who stole the data but can't confirm that yet. Law enforcement in the U.S. and Canada are investigating.
In a statement Wednesday, PowerSchool confirmed it had paid a ransom to the hacker in hopes of having the data destroyed. The company says the hacker did not honor the deal.
'PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident,' PowerSchool said in its statement. 'We do not believe this is a new incident, as samples of data match the data previously stolen in December.'
PowerSchool has provided free credit monitoring to people affected by the data breach. It urged people concerned about the data breach to go to to take advantage of the credit monitoring services.
Distributed by Tribune Content Agency LLC.
