THE BETRAYAL: Hackers Double-Dip After $1M+ Ransom Paid

PowerSchool thought they’d bought their way out of disaster. WRONG. Months after coughing up a secret ransom (industry experts estimate $1M+), schools are getting extortion letters—proving the hackers NEVER deleted the stolen student data like promised.

“We received a communication from a threat actor demanding a ransom using data from the previously reported incident.”

Toronto District School Board Statement

THE BREACH THAT BROKE EDUCATION

December 2024: One stolen password gave hackers total access to PowerSchool’s vaults containing:

• 60 MILLION student/teacher records
• Social Security numbers
• Health data stretching back to 2009

WHY PAYING RANSOMS IS A LOSER’S GAME

Cybersecurity experts have warned for years—paying ransoms fuels more attacks. PowerSchool’s case proves it:

• 40% of ransomware victims get hit again within 6 months (FBI 2024 Report)
• Hacker gangs routinely keep copies of “deleted” data
• Toronto schools now facing SECOND extortion attempt

“Samples of data match the data previously stolen in December.”

PowerSchool Spokesperson Beth Keebler

THE AFTERMATH: A Time Bomb for Millions

This isn’t over. Stolen education records are gold mines for identity thieves—children’s clean credit histories are prime targets. With data dating back 15+ years, we’re looking at:

• Generational identity theft risks
• Lifelong financial consequences
• Potential class-action lawsuits

WHAT SCHOOLS MUST DO NOW

If your district used PowerSchool, assume your data is in the wild:

1. Freeze student/teacher credit immediately
2. Demand PowerSchool’s FULL breach disclosure
3. Deploy dark web monitoring for stolen SSNs