Months after PowerSchool paid a ransom to hackers in hopes of securing stolen student records, the PowerSchool data breach has resurfaced—this time with renewed extortion attempts targeting school districts directly.
PowerSchool, a major provider of K–12 software used by over 60 million students across North America, was first breached in December 2024. Hackers used a stolen credential to gain unauthorized access to databases holding sensitive personal data. This included Social Security numbers, medical details, and full student and teacher records.
Although PowerSchool paid an undisclosed ransom to have the data deleted, it appears the stolen information wasn’t destroyed. Now, districts like Toronto’s District School Board say they are being directly contacted by cybercriminals. In a statement this week, Toronto officials revealed they received a new ransom demand related to the same breach. The board serves about 240,000 students annually.
Stolen Data Still in Play, Despite Ransom Payment
Local media reports that other schools in North Carolina have also received similar threats. PowerSchool confirmed that it had previously paid off the hacker to prevent public release of the stolen data, believing it was the “best option” at the time.
Cybersecurity experts, however, continue to warn against ransom payments. They argue that there’s no guarantee hackers will follow through with promises to delete stolen data. Many ransomware groups have previously kept stolen files, only to revictimize organizations later.
In a message to its customers this week, PowerSchool acknowledged that a “threat actor” is contacting districts using data from the earlier breach. Company spokesperson Beth Keebler stated that the current extortion attempts appear related to the original December incident, citing matching data samples.
Although the full scope remains unclear, several school districts have told media that all historical data was compromised. In Toronto, the exposed records reportedly date back to 2009, potentially affecting millions of people.
PowerSchool has not disclosed how many individuals were impacted or what steps it’s taking next. As more districts report contact from cybercriminals, concerns grow that the PowerSchool data breach may continue to ripple through North America’s education system for months to come.
