PowerSchool hackers attempt to extort money from North Carolina schools, staff
RALEIGH, N.C. (WTVD) -- The North Carolina Department of Public Instruction (NCDPI) issued a warning after hackers sent several emails attempting to extort victims of a recent data breach.
Around 50 employees from the department and 20 local education agencies received 'threatening' emails, and it's encouraging people not to engage.
"I could say that, you know, bad actors are really good, especially criminals with intent are really good at data scraping and harvesting and profiling information on people," said Craig Petronella with Petronella Cybersecurity and Digital Forensics.
Petronella has decades of experience in the cybersecurity and digital forensics field, and shared his insight on the latest incident involving management contractor Power School.
During a news conference, State Superintendent of Public Instruction Mo Green shared more information.
"This morning, threat actors reached out to a number of employees and public schools across the state and the North Carolina Department of Public Instruction, showing that they had obtained North Carolina students', teachers records initially compromised in the prior school student information system cybersecurity incident that was reported in January of this year. In addition, the threat actor attempts to extort North Carolina public schools," said Green.
Power School shared in a statement that there was not a "second data breach", and that the situation involves the same data sent in December.
"We do know that data is not destroyed, and it is out there. There is credit monitoring and identity theft protection available. That is open until July 31st. And it is at no cost to any one of our educators present and past and any one of our students and their families present and past," said Vanessa Wrenn, Department of Public Instruction.
Wrenn said North Carolina was not the only one affected; several other states, including Oregon, were affected, and even across Canada.
"I do want to express my regret to our students, parents, teachers, and school and district members that have been affected by this incident. I want you all to know that we support you and are working to ensure that your personal information isn't further compromised," said Green.
The state's partnership with PowerSchool ends this summer. In 2023, the state selected another software, Infinite Campus, as the new vendor beginning July 1. A spokesperson for the NCDPI told ABC11 that the switch is "the culmination of a two-year process."
Green said Infinite Campus was chosen because it has a more modern and comprehensive solution.
ABC11 reached out to the Attorney General's office about legal action against PowerSchool or attempts to find the hackers. The office said the investigation that was started in February is ongoing.
Petronella said the process can take some time.
"It's gathering the evidence, gathering the facts, organizing, looking at, well, what happened. Trying to piece together ...how they got in. Did they get in through a certain loophole? Was there outdated software that wasn't patched properly? Was there something that wasn't encrypted?" said Petronella.
Employees, students, and parents can sign up for credit monitoring on the State Department of Public Instruction website. It prevents anyone from using it to apply for jobs, credit cards, or change any personal information.
