One of the largest providers of education tech paid off hackers so that they wouldn’t publish tens of millions of children’s personal information. But school districts are facing extortion attempts anyway.
The company, PowerSchool, missed a basic cybersecurity step, according to a cybersecurity audit obtained by NBC News, and was hacked last year, leading to one of the largest breaches to date of American children’s personal data. PowerSchool reportedly paid an undisclosed sum to the hackers in exchange for a video of them purporting to delete the files they had stolen, which included some students’ Social Security numbers and other information, like health and disciplinary records.
But “a threat actor” is using that stolen data to try to extort schools and school districts in both the U.S. and Canada, according to statements from PowerSchool and various school districts issued Wednesday.
Read more at NBC News.
