Cybersecurity News
Cybersecurity8 May 2025 3m uk.pcmag.com

PowerSchool Cyberattack: Teachers Extorted After Data Breach

In the aftermath of a massive data breach affecting over 60 million students, teachers are now facing extortion attempts from hackers seeking additional ransom payments. The breach raises concerns about data security in schools.
PowerSchool Cyberattack: Teachers Extorted After Data Breach

Key Takeaways

  • 1."We received about 50 emails to various employees at the department of public instruction and confirmed that 20 local education agencies were contacted through emails," said Vanessa Wrenn, chief information officer for the North Carolina Department of Public Instruction.
  • 2."In this case, even after a ransom was paid, attackers reportedly continued targeting individual school districts for additional payouts," noted Dr.
  • 3.Nonetheless, the company is taking steps to safeguard its clients by reporting incidents from "multiple school districts" to appropriate law enforcement agencies in both the U.S.

A significant cybersecurity crisis continues to unfold following a massive breach of the PowerSchool education platform, which has left teachers vulnerable to extortion efforts. In May 2025, educators across the United States and Canada reported receiving threatening emails from hackers demanding payment to prevent the release of stolen data.

"We received about 50 emails to various employees at the department of public instruction and confirmed that 20 local education agencies were contacted through emails," said Vanessa Wrenn, chief information officer for the North Carolina Department of Public Instruction. Her comments underline the growing alarm over the aftermath of the hack, which was initially discovered in December 2024.

"We received about 50 emails to various employees at the department of public instruction and confirmed that 20 local education agencies were contacted through emails,"

Person using laptop with holographic cybersecurity shield and digital interface elements
Person using laptop with holographic cybersecurity shield and digital interface elements

The breach is believed to have compromised the sensitive information of approximately 62 million children and 9.5 million teachers. The hackers targeted the education technology platform PowerSchool, which later confirmed that they had paid an undisclosed ransom in the hope of securing the deletion of the stolen information. However, it appears the attackers did not keep their end of the bargain.

"As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us," expressed a spokesperson from PowerSchool. "We sincerely regret these developments – it pains us that our customers are being threatened and re-victimized by bad actors."

"As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us,"

Data center server room with multiple monitors displaying code and red LED lighting
Data center server room with multiple monitors displaying code and red LED lighting

By the Numbers

By the Numbers

By the Numbers

Evidence shows that the compromised data varies by school but primarily includes student and parent names, ethnicity, home addresses, GPAs, email addresses, and Social Security numbers. The ongoing threat extends beyond the initial breach, as hackers are now specifically targeting individual school districts for additional ransom payments, complicating the already dire situation.

In a letter sent to parents and guardians this week, a Toronto school district outlined how these new extortion attempts have manifested. The communication has created unease among families, educators, and officials alike as they navigate the uncertain landscape of cybersecurity.

"In this case, even after a ransom was paid, attackers reportedly continued targeting individual school districts for additional payouts," noted Dr. Darren Williams, CEO of ransomware prevention platform BlackFog. "That’s the harsh reality of double extortion: once data is stolen, threat actors hold the upper hand indefinitely."

"In this case, even after a ransom was paid, attackers reportedly continued targeting individual school districts for additional payouts,"

PowerSchool has maintained that the new threats do not involve any additional data breaches, asserting that there is no evidence that hackers have obtained new information. Nonetheless, the company is taking steps to safeguard its clients by reporting incidents from "multiple school districts" to appropriate law enforcement agencies in both the U.S. and Canada.

"multiple school districts"

Looking Ahead

Looking Ahead

While PowerSchool insists they are actively working to address the situation, the risk of future attacks continues to loom over educational institutions that rely on their platform. As alarming as this breach is, it raises wider questions about the security practices and data protection measures in place across educational technologies worldwide.

As the investigation continues, stakeholders in the education sector are left grappling with the implications of the breach. The urgent need for enhanced cybersecurity strategies has never been more apparent, highlighting the ongoing threat that ransomware and extortion present in an increasingly digital world. Amidst these threats, the outlook remains uncertain for both educators and the institutions they represent, as the potential for further attacks looms large.

data-breachPowerSchooleducationransomhacking