Nate Raymond reports: A Massachusetts man has agreed to plead guilty to hacking cloud-based education software provider PowerSchool and stealing data pertaining to millions of students and teachers that hackers used to extort the company and school districts into paying ransoms. Matthew Lane, 19, entered into a plea deal on Tuesday to resolve charges filed…
Category: Education Sector
$28 million in Texas’ cybersecurity funding for schools left unspent
How often have we heard about cyberattacks affecting Texas school districts? And how often have we heard that k-12 districts are underfunded for cybersecurity and/or don’t have trained personnel? Yet when they are offered money, many districts have not availed themselves of the support. Why? Brian New, Lexi Salazar, Scott Fralicks, and Mike Lozano have a somewhat…
Cyberattacks on Long Island Schools Highlight Growing Threat
I’d called it an “ongoing threat,” but …. Maggie MacAlpine reports: In a concerning development, over 20 school districts across Long Island have fallen victim to cyberattacks, compromising the personal data of more than 10,000 students. According to state education records, 28 incidents were reported in 2024 alone, affecting districts such as Great Neck, Smithtown,…
Education giant Pearson hit by cyberattack exposing customer data
Lawrence Abrams reports: Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. Pearson is a UK-based education company and one of the world’s largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in over 70…
PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
Here’s today’s reminder not to waste your money paying criminals to delete data. After PowerSchool became aware of a hack in December 2024, they paid the then-unnamed attacker(s) to delete data. They subsequently informed their affected clients that they had observed the data deletion and believed that the data had been deleted, and that there…
Call for Public Input: Essential Cybersecurity Protections for K-12 Schools (2025-26 SY)
As posted at K12 SIX: The K12 SIX Technical Working Group is pleased to open a call for public input into the fourth annual update and revision to the K12 SIX Essential Cybersecurity Protections Series. The goal of the K12 SIX Essential Cybersecurity Protections is to communicate the most important defenses that K-12 school systems…