Multiple US, Canadian school districts targeted in extortion attempts after PowerSchool data breach

PowerSchool, a major education software and cloud provider, suffered a significant data breach in December 2024 that exposed personal information of students and staff, including Social Security numbers and health records. Despite paying a ransom to hackers with the expectation the stolen data would be deleted, multiple school districts in the U.S. and Canada are now facing extortion attempts using the same compromised data. PowerSchool and affected school boards, such as those in North Carolina and Calgary, have warned families and staff about these ongoing threats and offered credit monitoring services. The company stated there is no evidence of a new breach, but acknowledged the inherent risk that hackers would not honor their commitment to delete the data. The incident highlights the limitations and risks of paying ransoms to cybercriminals, as well as the need for robust cybersecurity practices in educational institutions. Authorities and school boards continue to monitor the situation and communicate with affected communities.