Hacker Reignites PowerSchool Breach, Targets Schools Despite Ransom Deal

Months after PowerSchool paid a ransom to contain a massive cyberattack, the education software provider is now facing renewed fallout — as the hacker behind the breach resurfaces to directly extort school districts.

 

The original attack, which occurred in December 2024, compromised personal data from more than 60 million K–12 students and over 9 million teachers across North America. PowerSchool initially claimed the situation had been resolved, citing a video from the threat actor allegedly showing data deletion following the ransom payment.

 

But this week, the company confirmed that multiple school districts have since received extortion demands from the same attacker, who is now leveraging the stolen data at a local level. According to a source familiar with the situation, at least four school boards have been contacted so far.

 

In a public statement, PowerSchool acknowledged the new threats, saying the hacker is using data consistent with the original breach. The company has alerted law enforcement in both the U.S. and Canada and is assisting affected clients.

 

“We deeply regret that our customers are being re-targeted by these bad actors,” the company said, adding that paying a ransom never guarantees the data will truly be destroyed.

 

Previously reported leaked files included highly sensitive information such as students’ mental health notes, disciplinary records, and family court orders — raising significant privacy concerns as individual districts now face direct pressure from cybercriminals.

 

This incident highlights the enduring risks of ransomware, even after a ransom is paid.