PowerSchool is reportedly paying a ransom to prevent student data from being leaked

North American school software provider PowerSchool has reportedly paid a ransom to prevent attackers from releasing stolen student and teacher data.

An appeal to parents from the Howard-Suamico School District in Wisconsin, USA, seen by the publication NBC 26, reannouncement: “PowerSchool has confirmed that this was not a ransomware attack, but it paid a ransom to prevent data from being released.”

Information security contacted PowerSchool but would not comment on whether it had made such a payment.

In a Jan. 7 letter to customers notifying them of the breach, PowerSchool said it had taken all reasonable steps to prevent further unauthorized access or misuse of data.

This was reported by a representative of PowerSchool Information security”,PowerSchool believes the data was deleted without further copying or distribution.”

PowerSchool was acquired by private equity firm Bain Capital in October 2024. Its software solutions support more than 60 million students and more than 18,000 customers in more than 90 countries.

Compromised credentials cause a breach

PowerSchool, which provides K-12 software and cloud solutions for schools in the U.S. and Canada, said in a statement that an attacker gained unauthorized access to certain information through one of PowerSource’s community-based user support portals in December. 28, 2024.

This access was achieved through a compromised credentials– said the company. Compromised credentials have been deactivated and access to the infected portal has been restricted.

In addition, all PowerSource Customer Support Portal accounts have been fully password reset and password and access controls have been tightened.

PowerSchool confirmed that the information it received was about “families and teachers.” According to the notice, confidential information depends on the client.

Over the coming weeks, the firm will conduct a notification process to identify and notify all affected individuals.

Free credit monitoring will be offered to all affected adults, and privacy services will be provided to minors in accordance with regulatory and contractual obligations.

This incident was made public on the PowerSource portal, which means that there is no disruption to the schools.

“Importantly, the incident is contained and we have no evidence of malware or ongoing unauthorized activity in the PowerSchool environment,” the firm said.

Law enforcement agencies and relevant data protection regulators have been informed of the breach.

Moving from ransomware to data extortion

The incident is potentially related to the observed change in tactics some ransomware groups to focus mainly on stealing data to extort victims in recent years, often without the need to deploy ransomware to encrypt data.

Read now: Ransomware groups prioritize security evasion to steal data

Spencer Starkey, EMEA executive vice president of SonicWall, said schools and universities store highly sensitive data that can be used by attackers to impersonate students or employees for financial crimes.

This makes such data particularly suitable for extortion.

“An example of this is ransomware, cybercriminals can store this data that they steal from educational institutions for a high ransom,” Starkey said.