How has the PowerSchool data breach situation evolved?

The incident has now evolved into a more threatening situation as threat actors have begun directly contacting school districts, educational departments, and individuals demanding payment. Several school and state Department employees have received threatening messages from threat actors claiming to have access to student and teacher data from the breach.

Is this a new data breach or related to the previous one?

According to North Carolina Department of Public Instruction (NCDPI) Chief Information Officer Vanessa Wrenn, these recent threats involve the same data that was compromised in the original December breach, so it's not a new incident.

Incident

Hackers that breached PowerSchool escalates to ransom demands directed at individuals

Q: Where have the threatening messages been reported?

Similar threatening messages have been reported by PowerSchool SIS customers in various locations, including North Carolina, Oregon, and Canada.

Q: Did PowerSchool pay a ransom following the data breach?

Yes, PowerSchool has publicly acknowledged that they paid a ransom following the December 2024 incident, believing it was in the best interest of their customers and the students they serve. Despite receiving assurances and evidence that the data would be deleted, the company acknowledged the risk that bad actors might not honor their commitment.

published: May 7, 2025

Take action: There is no honor among criminals. This is why it's pointless to pay a ransom for stolen data. Criminals will most likely retain the data and extort everyone as much as possible.

Learn More

PowerSchool, a widely used Student Information System (SIS) provider, has experienced a massive data breach incident that has recently escalated to ransom demands to individuals.

The initial breach occurred in December 2024. The breach has impacted over 62 million current and former students and teachers nationwide. The incident has now evolved into a more threatening situation as threat actors have begun directly contacting school districtsm, educational departments and individuals demanding payment.

According to North Carolina Department of Public Instruction (NCDPI) officials, several school and state Department employees recently received threatening messages from threat actors claiming to have access to student and teacher data from the breach. Similar messages have been reported by PowerSchool SIS customers in various locations, including Oregon and Canada.

NCDPI Chief Information Officer Vanessa Wrenn confirmed that these recent threats involve the same data that was compromised in the original December breach, so it's not a new incident.

According to Toronto director of education Clayton La Touche, PowerSchool initially informed school boards that unauthorized users had accessed their data in late December 2024, but claimed the data had been deleted and not posted online.

PowerSchool has publicly acknowledged that they paid a ransom following the December 2024 incident, believing it was in the best interest of their customers and the students they serve. Despite receiving assurances and evidence that the data would be deleted, the company acknowledged the risk that bad actors might not honor their commitment. Despite payments and assurances, the threat actors did not honor their commitment to destroy the stolen information.

PowerSchool is offering two years of credit monitoring and identity protection services to students and faculty of affected PowerSchool SIS customers, regardless of whether they were individually compromised. This protection is available through July 31, 2025.

Hackers that breached PowerSchool escalates to ransom demands directed at individuals