PowerSchool, which provides educational software to more than 60 million students in North America, has paid a ransom to hackers who breached its systems and stole sensitive data. The company claims it has video evidence that the stolen files have been deleted.
PowerSchool, a leading provider of cloud solutions to more than 15,000 schools in North America, reported a cyber attack that occurred in December 2024, just days before Christmas. According to a leaked letter published by journalist Brian Krebs, hackers gained access to the company’s servers between December 19 and 23. In the letter, Powerschool said it confirmed the deletion of the files via video, adding that it monitors the dark web to ensure the data does not become public. However, cybersecurity experts highlight the risks of such an approach. Most hacking groups are known to use a dual extortion model where stolen files are resold or used for new ransom demands.
The data breached could include names, addresses, social security numbers, medical information and student grades. This violates US child data protection laws, including the Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA). To address the aftermath of this incident, PowerSchool engaged Cyber Steward, a third-party cybersecurity firm, to implement additional security measures, including changing the compromised credentials. Despite the company’s attempts to minimize the consequences, the incident was heavily criticized by cyber security experts. Incidents like these highlight the importance of strengthening security systems and implementing data protection best practices.