PowerSchool Paid Hackers—Now Schools Are Getting SHAKEDOWNED for the Same Data
THE BETRAYAL: Hackers Double-Dip After $1M+ Ransom Paid
PowerSchool thought they’d bought their way out of disaster. WRONG. Months after coughing up a secret ransom (industry experts estimate $1M+), schools are getting extortion letters—proving the hackers NEVER deleted the stolen student data like promised.
“We received a communication from a threat actor demanding a ransom using data from the previously reported incident.”
Toronto District School Board Statement
THE BREACH THAT BROKE EDUCATION
December 2024: One stolen password gave hackers total access to PowerSchool’s vaults containing:
- 60 MILLION student/teacher records
- Social Security numbers
- Health data stretching back to 2009
WHY PAYING RANSOMS IS A LOSER’S GAME
Cybersecurity experts have warned for years—paying ransoms fuels more attacks. PowerSchool’s case proves it:
- 40% of ransomware victims get hit again within 6 months (FBI 2024 Report)
- Hacker gangs routinely keep copies of “deleted” data
- Toronto schools now facing SECOND extortion attempt
“Samples of data match the data previously stolen in December.”
PowerSchool Spokesperson Beth Keebler
THE AFTERMATH: A Time Bomb for Millions
This isn’t over. Stolen education records are gold mines for identity thieves—children’s clean credit histories are prime targets. With data dating back 15+ years, we’re looking at:
- Generational identity theft risks
- Lifelong financial consequences
- Potential class-action lawsuits
WHAT SCHOOLS MUST DO NOW
If your district used PowerSchool, assume your data is in the wild:
- Freeze student/teacher credit immediately
- Demand PowerSchool’s FULL breach disclosure
- Deploy dark web monitoring for stolen SSNs
