- A trick in the software provider of the Powerschool School has put staff and students at risk
- Individual schools are now being attacked using the same data
- Powerschool paid the rescue, but the data were not cleaned
According to reports, the computer pirates who hit Powerschool in 2024 are now attacking individual schools and extorting them by rescue, threatening to release previously stolen information from students and personnel.
“PowerSchool is aware that a threat actor has communicated with multiple clients of the school district in an attempt to extort them using data from the December 2024 incident reported previously,” the organization confirmed.
Powerschool is a higher education software platform with more than 17,000 clients that cover 90 countries and support more than 50 million students. A cyber attack in December 2024 led to the personal data of 62 million students and 9 million teachers ex -stated by attackers, with more than 6,500 school districts in the United States and Canada affected.
Students at risk
Powerschool paid the rescue to cybercriminals in the hope that they would erase the stolen data, but since these recent incidents are using the information that was stolen in the December Hack, it seems quite clear that this was not the case.
“It was a difficult decision, and one that our leadership team did not take lightly,” said the company.
“But we thought it was the best option to prevent the data from becoming public, and we felt that it was our duty to take that action. As always is the case with these situations, there was a risk that the bad actors did not eliminate the data they stole, despite the guarantees and evidence that were provided to us.”
The exfiltrated data include personal identification information such as social security numbers, names, addresses and even medical information.
As such, the firm recommends that any affected person take advantage of the two years of credit theft protection and free identity monitoring to mitigate the risks raised by stolen information.
Powerschool apologized for the threats raised by the violation, and has confirmed that he will continue working with the law application agencies to mitigate damage and respond to extortion attempts.
Through Bleepingcomputer
