PowerSchool, a North American school software provider, has reportedly made a payment to prevent attackers from releasing stolen data of students and teachers. The Howard-Suamico School District in Wisconsin, US, informed parents that PowerSchool had confirmed making a ransom payment to prevent the data from being released. Despite this confirmation, PowerSchool did not offer any comment on the payment when contacted by Infosecurity.
On January 7, PowerSchool sent out a letter to its customers notifying them of the breach and assuring them that all necessary steps had been taken to prevent further unauthorized access or misuse of the compromised data. A spokesperson for PowerSchool stated that the company believes the data has been deleted without any further replication or dissemination.
PowerSchool, which was acquired by Bain Capital in October 2024, provides software solutions to support over 60 million students and over 18,000 customers in more than 90 countries. The breach occurred when a malicious actor gained unauthorized access to certain information through PowerSource, a community-focused customer support portal, on December 28, 2024. This unauthorized access was made possible through a compromised credential, which has since been deactivated and access to the portal has been restricted. PowerSchool has conducted a full password reset and implemented tighter password and access controls for all PowerSource accounts.
The compromised information pertains to families and educators, and the extent of the information accessed will vary by customer. PowerSchool plans to notify all impacted individuals in the coming weeks. Adults affected by the breach will be offered free credit monitoring services, while minors will receive identity protection services in compliance with regulatory requirements.
Despite the breach, there has been no operational disruption to schools as the incident was isolated to the PowerSource portal. PowerSchool has assured that there is no evidence of malware or continued unauthorized activity in their environment. Law enforcement and data protection regulators have been notified of the breach.
The incident sheds light on a trend where ransomware groups are increasingly focusing on data exfiltration to extort victims, rather than deploying ransomware payloads to encrypt data. Spencer Starkey, Executive VP EMEA at SonicWall, highlighted the sensitive nature of data held by educational institutions, which can be used by malicious actors for financial crimes. This type of data is particularly valuable for extortion purposes, as seen in cases where cybercriminals hold stolen data for ransom at high prices.
In conclusion, the recent ransom payment made by PowerSchool underscores the growing threat of data extortion in the cybersecurity landscape, particularly targeting educational institutions. This incident serves as a reminder of the importance of implementing robust security measures to safeguard sensitive information and mitigate the risks of data breaches.