In December, a hacker gained access to personal data for students and teachers across the world in the database for the PowerSchool student information system. PowerSchool told users that the hacker destroyed the data but now that same data is being used to get ransoms from individual school districts.
Ransom demands have been sent to school districts across the U.S. and Canada, including at least 20 North Carolina school districts and the North Carolina Department of Public Instruction. The hacker wants Bitcoin in exchange for destroying the data, according to Vanessa Wren, chief information officer for DPI.
“The North Carolina Department of Public Instruction has not and certainly will not engage with these threat actors,” State Superintendent Mo Green said at a news conference Wednesday. “We are prohibited by law from doing so as well.”
Wrenn said PowerSchool believes the new threat is coming from the same hacker who stole the data but can’t conclusively confirm that yet. Law enforcement in the U.S. and Canada are investigating.
POWERSCHOOL PAID RANSOM
“PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident,” PowerSchool said in its statement. “We do not believe this is a new incident, as samples of data match the data previously stolen in December.
“We have reported this matter to law enforcement both in the United States and in Canada and are working closely with our customers to support them. We sincerely regret these developments — it pains us that our customers are being threatened and re-victimized by bad actors.”
PowerSchool said it had faced a difficult decision whether to pay the ransom demanded by the hacker.
“In the days following our discovery of the December 2024 incident, we made the decision to pay a ransom because we believed it to be in the best interest of our customers and the students and communities we serve,” PowerSchool said. “It was a difficult decision, and one which our leadership team did not make lightly.
“But we thought it was the best option for preventing the data from being made public, and we felt it was our duty to take that action. As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us.”
PowerSchool has provided free credit monitoring to people affected by the data breach. It urged people concerned about the data breach to go to https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/ to take advantage of the credit monitoring services.
NORTH CAROLINA RESPONSE
State officials did not release the names of the school districts that received the ransom demand in emails on Wednesday. But Green said those districts have been told not to engage with the threat actor.
The data breach goes back to 2013, when all North Carolina public schools began using PowerSchool, Shashi Buddula, Wake’s chief technology officer, previously told The N&O. In Wake County alone, the district says 461,000 student records and 92,000 teacher records could have been compromised.
In North Carolina, PowerSchool is used to record information such as student attendance, grades and class schedules. In a decision made before the latest breach, all North Carolina public schools will switch to using the Infinite Campus information system by July 1.
“It is certainly unacceptable that these families and public servants have had the data compromised again and going through what we just went through a few months ago,” Green said “It is completely unfortunate that the perpetrators are preying on innocent children and dedicated public servants.”
State Attorney General Jeff Jackson is investigating the data breach that impacted nearly 4 million North Carolinians.
©2025 The Charlotte Observer. Distributed by Tribune Content Agency, LLC.
