PowerSchool paid a hacker’s ransom, but now schools say they are being extorted

Tech Crunch - May 8th, 2025
Open on Tech Crunch

Months after education software provider PowerSchool paid a ransom to a hacker who stole student and teacher data, Toronto's district school board received an extortion demand. PowerSchool, which serves 60 million students across North America, confirmed the initial breach occurred in December 2024, when a hacker accessed sensitive data via a stolen credential. Despite paying the ransom, the data was not deleted as promised, leading to new extortion attempts in multiple North American districts, including Toronto and North Carolina. PowerSchool assured that the data matches the previously stolen information, indicating no new breach has occurred.

This incident highlights the risks associated with paying ransomware demands, as there are no guarantees that stolen data will be destroyed. Cybersecurity experts and law enforcement have long advised against paying ransoms for this reason. The breach's potential impact is significant, with historical data dating back to 2009 potentially affecting millions, raising concerns about data security in educational institutions and the vulnerability of student and teacher information. The ongoing situation underscores the need for robust cybersecurity measures and protocols to protect sensitive information in the education sector.

Cybersecurity Extortion Power School Ransomware Data Breach Toronto District School Board Education Sector
Story submitted by Fairstory

RATING

7.8
Fair Story
Consider it well-founded

The article provides a comprehensive and accurate account of the PowerSchool data breach and subsequent extortion attempts. It effectively highlights the ongoing challenges faced by educational institutions in securing sensitive data and the potential consequences of cybersecurity incidents. The article's strengths lie in its factual accuracy, timeliness, and public interest relevance, as it addresses a pressing issue affecting millions of students and teachers.

However, the article could improve by incorporating more diverse perspectives, such as those of cybersecurity experts and law enforcement officials, to provide a broader context on the implications of ransom payments and data security. Additionally, offering more actionable insights or recommendations for affected individuals and organizations could enhance the article's impact.

Overall, the article is well-written and engaging, with clear language and a logical structure. It successfully raises awareness about the importance of data security and the need for stronger measures to protect personal information in educational settings. By addressing these areas for improvement, the article could further enrich public discourse on cybersecurity and data protection.

RATING DETAILS

9
Accuracy

The story accurately reports on the key facts regarding the PowerSchool data breach and subsequent extortion attempts. It correctly states that PowerSchool was hacked in December 2024 through a stolen credential, which allowed access to sensitive data. This aligns with verified information that confirms the breach and the nature of the data accessed. The article also accurately reports that PowerSchool paid a ransom to the hacker to delete the data, although the exact sum remains undisclosed.

Additionally, the story correctly identifies that the Toronto District School Board and other schools in North America are experiencing extortion attempts using data from the breach. These claims are supported by statements from affected entities and PowerSchool itself, confirming the ongoing impact of the breach. However, the story does not specify the number of individuals affected, which remains unreported by PowerSchool.

Overall, the article's factual accuracy is high, with its claims well-supported by statements from involved parties and consistent with available data from reports on the incident.

7
Balance

The article provides a balanced view by including perspectives from both PowerSchool and affected school districts. It presents PowerSchool's rationale for paying the ransom and the company's efforts to manage the situation, as well as the experiences of schools facing extortion attempts. However, the article could benefit from including more viewpoints, such as cybersecurity experts or law enforcement officials, to provide a broader context on the implications of paying ransoms and the potential for data to be retained by hackers.

The article does not exhibit overt favoritism towards any party, but it could enhance balance by exploring the ethical and practical considerations of ransom payments in cybersecurity incidents. Including more diverse perspectives would provide readers with a more comprehensive understanding of the issue.

8
Clarity

The article is well-structured and clear in its presentation of information. It logically outlines the sequence of events, from the initial breach to the ongoing extortion attempts, making it easy for readers to follow the narrative. The language is straightforward and avoids technical jargon, ensuring accessibility to a general audience.

However, the article could improve clarity by providing more background on the broader context of ransomware attacks and the typical responses from companies and law enforcement. This would help readers understand the significance of PowerSchool's actions and the potential consequences of the breach. Overall, the article's clarity is strong, with minor areas for enhancement.

8
Source quality

The article relies on credible sources, including statements from PowerSchool and the Toronto District School Board, which are directly involved in the incident. These sources lend authority and reliability to the reporting. The article also references local media and TechCrunch, known for their coverage of technology and cybersecurity issues, adding to the credibility of the information presented.

While the article cites reputable sources, it could improve by including more detailed attributions, such as specific statements from cybersecurity experts or law enforcement agencies, to enhance the depth of the reporting. Overall, the source quality is strong, but there is room for further diversification and attribution.

7
Transparency

The article is transparent in its reporting, clearly stating the sources of its information and the basis for its claims. It mentions PowerSchool's refusal to disclose the ransom amount, highlighting a lack of transparency from the company. However, the article itself could improve transparency by providing more context about the implications of ransom payments and the potential for data retention by hackers.

The article does not disclose any potential conflicts of interest, but it would benefit from explaining the methodology behind the reporting, such as how information was obtained from sources like TechCrunch and local media. Enhancing these aspects would improve the overall transparency of the article.

Sources

  1. https://www.bleepingcomputer.com/news/security/powerschool-hacker-now-extorting-individual-school-districts/
  2. https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/
  3. https://www.nysed.gov/data-privacy-security/powerschool-data-breach
  4. https://www.bleepingcomputer.com
  5. https://beamstart.com/news/vc-firm-insight-partners-confirms-17467044891107

YOU MAY BE INTERESTED IN

Tech Crunch - May 8th, 2025

A timeline of South Korean telco giant SKT’s data breach

Score 6.8
Tech Crunch - May 2nd, 2025

Dating app Raw exposed users’ location data and personal information

Score 8.0
Forbes - Apr 25th, 2025

What SMBs Can Learn From Enterprise Threat Detection And Response Programs

Score 5.0
Forbes - Apr 5th, 2025

Key Cybersecurity Challenges In 2025—Trends And Observations

Score 5.8
Tech Crunch - Mar 31st, 2025

API testing firm APIsec exposed customer data during security lapse

Score 7.4