Another cyberattack hitslocal schools

Another cyber attack has breached an online tool local school systems use to manage student databases and registrations and also allow parents to track their child’s activities.

This is the second one in just five months to focus on PowerSchool, used by both the Clinton City and Sampson County school systems, as well as hundreds of other schools across the country.

Only Sampson County Schools has been impacted at this time locally, as part of this second attack.

Last Wednesday, May 7, parents, students, and staff were informed that PowerSchool had suffered another breach. The first one occurred in January when Powerschool was hit with a cyber attack from “threat actors.”

These attacks have impacted a myriad of school districts beyond Sampson County and North Carolina. Reports by North Carolina Department of Public Instruction (NCDPI) state that even school districts as far as Canada have been dealing with this issue for the same period of time. During the attack in January, that threat group asked for a ransom to be paid by PowerSchool, in the form of Bitcoin, and virtual crypto-currency. PowerSchool paid the ransom, with the understanding that all the information obtained by the threat group would be destroyed Instead of destroying that information, they apparently gave the same set of personal data (including names, addresses, and social security numbers) to another group of threat actors who are seeking a ransom as well.

Valerie Newton, director of Communications and Community Engagement for Sampson County Schools, stated “We understand that news of the recent PowerSchool data breach is concerning for our Sampson County Schools families and staff. We encourage everyone to take advantage of the free credit monitoring and identity protection services being offered by PowerSchool to help guard against identity theft. Should we receive any additional information from DPI or PowerSchool, we will share that with our staff and families.”

Clinton City Schools staff, on the other hand, are aware of the situation, but haven’t been as impacted, according to school officials.

John Lowe, director of technology for Clinton City, said the system has not been contacted directly by threat actors at this time. Lowe also insisted that parents, students, and staff utilize offerings by PowerSchool. Anyone wishing to sign up for the complimentary service has until July 1 to do so. NCDPI is advocating for this window to be extended.

The services include: two years of complimentary identity protection for all students and educators affected, and two years of complimentary credit monitoring for all adult students and educators affected

Dr. Jamie King, superintendent of Sampson County Schools, heavily suggested the same.

King said he had a child impacted by the cyber attack, so he was a believer in utilizing the services.

“I would suggest all seniors to do Equifax report to ensure that their information hasn’t been used in some form or fashion.” he stressed.

Compromising students’ credit can effect their applications for student loans, he pointed out. “It’s something they should definitely be aware of.”

Dr. Wesley Johnson, superintendent of Clinton City Schools, said he hopes the necessary authorities catch these culprits and soon.

“If these guys aren’t found and stopped, then what prevents this from happening again? They paid the ransom once, now they’re basically getting extorted again. Though we haven’t been impacted by this recent attack, I hope the issue gets resolved once and for all,” he attested.

DPI officials have already notified the appropriate law enforcement agencies, who are actively investigating the incident, a release about the attack noted. PowerSchool has taken full responsibility for the breach.

County school officials are urging students and parents, alike, not to open any suspicious links or emails related to this incident with content referencing in the first line of the email “We are Shiny Hunters.” They also insist it is best not to engage with anyone claiming to have the breached data.

“As we continue to work through this incident, we are committed to supporting students, families, and staff with transparency and care. Should we receive any additional information or updates, we will notify our families,” a release on the county schools’ website notes.

PowerSchool has reached out with a statement:

PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident. We do not believe this is a new incident, as samples of data match the data previously stolen in December. We have reported this matter to law enforcement both in the United States and in Canada, notified all PowerSchool SIS customers of the development, and are working closely with our customers to support them. We sincerely regret these developments – it pains us that our customers are being threatened and re-victimized by bad actors.

Any organization facing a ransomware or data extortion attack has a very difficult and considered decision to make during a cyber incident of this nature. In the days following our discovery of the December 2024 incident, we made the decision to pay a ransom because we believed it to be in the best interest of our customers and the students and communities we serve. It was a difficult decision, and one which our leadership team did not make lightly. But we thought it was the best option for preventing the data from being made public, and we felt it was our duty to take that action. As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us.

In order to best mitigate this risk, we have also offered and made widely available credit monitoring and identity protection services for a period of two years to students and faculty of our PowerSchool SIS customers, regardless of whether they were individually involved.

We encourage all those who were offered these services to take advantage of them:

For individuals who reside in the U.S., you can find more information on identity protection services and credit monitoring here: https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/

For individuals who reside in Canada, you can find more information on identity protection services and credit monitoring here: https://www.powerschool.com/security/sis-incident/notice-of-canada-data-breach/

We recognize how this incident has affected our customers and are here to help as we navigate the path ahead together.