The Toronto District School Board (TDSB) has issued a warning to parents and staff regarding a renewed cyber threat linked to a significant data breach involving PowerSchool, a leading education technology provider. The public disclosure, made on Wednesday, follows an earlier incident where PowerSchool admitted to an extortion attempt after mitigating an initial ransomware attack in December 2024 by paying off the hackers.
Although the company believed it had contained the situation by making the ransom payment, the perpetrator resurfaced, this time targeting various school districts, including TDSB, and again demanding a ransom payment based on data acquired in the December breach.
Details of the Initial Data Breach
In late December 2024, PowerSchool was compromised in a ransomware attack that impacted numerous educational institutions, including the TDSB, which is Ontario’s largest school board. The incident, which took place between December 22 and 28, affected over 6,500 school districts across North America. Following the breach, PowerSchool notified its clients, including TDSB, on January 7, 2025, and took immediate action by paying the requested ransom to the threat actor. In exchange, the hacker provided a video claiming to show the deletion of stolen data, leading PowerSchool to believe the crisis had been resolved.
The Emergence of a Second Extortion Attempt
However, this sense of security was quickly dismantled. In a letter to parents and guardians, TDSB Director of Education Clayton La Touche confirmed that the board had been targeted again, receiving fresh extortion communication from the hacker. This message included claims of possessing sensitive data obtained during the prior breach and a new demand for ransom.
In his letter, La Touche emphasized the significance of the incident, stating, “We wanted to share important updates about this cyber incident involving PowerSchool, the platform used for managing student information.” TDSB is reportedly not alone in facing these threats; at least four other school boards have received similar extortion messages, raising broader concerns in the education sector.
TDSB’s Cybersecurity Response
In light of the latest developments, TDSB has activated its cybersecurity response protocol. The board is collaborating closely with PowerSchool to thoroughly investigate the nature of the threat and assess any potential data compromise. “We are still determining the specific information that may have been accessed or exported from the application,” TDSB stated, while also reassuring stakeholders that PowerSchool reported the unauthorized data had been deleted and was not posted online.
Still, the revival of extortion attempts has led to skepticism regarding the efficacy of these measures, prompting TDSB to inform the Ontario Information and Privacy Commissioner. The board has committed to transparently disclosing any confirmed exposure of personal information as it arises.
Position of PowerSchool
In response to the ongoing threats, PowerSchool publicly stated its belief that these extortion attempts do not signify a new breach but rather a continuation of the December incident. The company has engaged law enforcement in both the United States and Canada and notified all clients using its Student Information System (SIS) about the resurgence of threats.
PowerSchool expressed regret over the situation, underscoring the difficult choice it faced in paying the initial ransom to protect its clients. The company acknowledged that, despite receiving purported evidence of data deletion, there was always a risk that the hacker would not adhere to their part of the agreement.
Implications for the Educational Sector
As the investigation continues, TDSB and other affected institutions must re-evaluate their security protocols, vendor relationships, and incident response strategies. The situation underscores the critical need for stronger cybersecurity measures across educational institutions, particularly those reliant on external platforms.
Currently, parents, students, and staff are left navigating uncertainty regarding the potential exposure of their personal data. TDSB has affirmed its commitment to keeping the community informed as more information becomes available, assuring stakeholders that proactive measures are being taken to address and mitigate the ongoing threat.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.