- I've yet to find a retro stereo amp that delivers sound as accurately for various genres than this
- Use AI at work? You might be ruining your reputation, a new study finds
- Why Whoop's policy change has fans fuming
- Apple now sells refurbished iPhone 15 models at discounted prices (including the Pro Max)
- The best no-log VPNs of 2025: Expert tested and reviewed
PowerSchool Admits Ransom Payment Amid Fresh Extortion Demands
Education technology provider, PowerSchool, has confirmed it paid a ransomware demand in an attempt to prevent cybercriminals from publishing stolen teacher and student data in the US and Canada.
The North American school software supplier admitted to making the payment as it revealed that a threat actor contacted multiple school district customers in a fresh attempt to extort them using data from the December 2024 incident.
The sample data used in the extortion attempts matched the data stolen in the December attack, PowerSchool said. Therefore, it does not believe it is a new incident.
It appears that the unnamed threat actor did not delete the data it stole, despite promising to do so as part of the payment agreement.
“We sincerely regret these developments – it pains us that our customers are being threatened and re-victimized by bad actors,” the company wrote in the update dated May 7.
PowerSchool revealed it paid the ransomware demand in the days following the discovery of the incident.
“We made the decision to pay a ransom because we believed it to be in the best interest of our customers and the students and communities we serve. It was a difficult decision, and one which our leadership team did not make lightly. But we thought it was the best option for preventing the data from being made public, and we felt it was our duty to take that action,” it commented.
The firm said it recognized when it made the payment that there was a risk that the threat actor would not delete the data they stole, “despite assurances and evidence that were provided to us.”
Rumours circulated in January that the company had paid the attackers. A message to parents by the Howard-Suamico School District in Wisconsin, US, seen by news outlet NBC 26, read: “PowerSchool confirmed that this was not a ransomware attack but it did pay a ransom to prevent the data from being released.”
In a statement to Infosecurity in January, PowerSchool refused to confirm if it had paid a ransom demand but stated that it believed the data had been deleted without further replication or dissemination.
Paying Ransom Demands Provides No Guarantee
The PowerSchool incident demonstrates that paying a ransomware demand offers no guarantee that any stolen data will no longer be used or will keep the victim safe from further attacks.
A 2024 study by Cybereason found that 78% of victims who paid a ransom demand were hit by a second ransomware attack, often by the same threat actor.
Commenting on the story, Dr Darren Williams, Founder and CEO of BlackFog, said, “In this case, even after a ransom was paid, attackers reportedly continued targeting individual school districts for additional payouts. That’s the harsh reality of double extortion: once data is stolen, threat actors hold the upper hand indefinitely,” he commented.
He noted that the shift in focus by ransomware attackers towards data theft – either in combination with encryption or without encryption at all – makes this type of scenario more likely.
“This trend also makes attacks harder to detect and defend against. It’s not just about locking down systems anymore – it’s about identifying and stopping data from being exfiltrated in real time,” Williams added.
Compromised Credential Led to Data Breach
PowerSchool originally wrote to customers on January 7, 2025, notifying them of the breach.
It revealed that a malicious actor gained unauthorized access to certain information through a compromised credential for one of its customer support portals.
In March, PowerSchool provided an update on the incident, revealing that the stolen information related to current and former students and educators.
This data varied by person, and included one or more of the following: name, contact information, date of birth, limited medical alert information, Social Security Number (SSN)/Social Insurance Number (SIN) and other related information.
It is not believed that any credit card or banking details were accessed.
The incident has been reported to law enforcement in both the US and Canada.
PowerSchool provides K-12 software and cloud-based solutions to schools in both countries.
The firm was acquired by private investment firm Bain Capital in October 2024. It’s software solutions support over 60 million students and over 18,000 customers in more than 90 countries.
