The cybergang behind a massive PowerSchool data breach is now attempting to directly extort schools and districts across the US and Canada — despite PowerSchool reportedly paying an undisclosed ransom for the deletion of the stolen data.

According to BleepingComputer, PowerSchool was given “reasonable assurances from the threat actor that the data had been deleted and that no additional copies exist.” However, such claims are difficult to verify, and the renewed wave of extortion attempts is fueling concern that the stolen data remains in circulation.

In response to the reports, PowerSchool released an official statement acknowledging that “a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident.” The company emphasized that this is not a new breach, as the sample data provided by the extortionists matches the records stolen last year.

Several Canadian school authorities, along with public school districts in North Carolina, have confirmed they are among the targets of this new campaign. Officials fear the blackmail effort may soon expand to other districts impacted by the breach.

Discovered on December 28, 2024, the hack was one of the largest in US history involving student data. Files contained sensitive information, including Social Security numbers, health records, disciplinary histories, and academic performance.

PowerSchool’s K-12 software supports thousands of schools and over 60 million students across North America. Alarmingly, the attackers gained access using just a single set of stolen credentials.

Worse still, investigations revealed that the unauthorized access had been active for months — dating back to at least August 2024. In some cases, the breach was so extensive that it exposed all historical records of students and teachers.