Hackers Attempting To Extort School Employees via Email After Millions of Students’ Personal Data Leaked in Breach: Report
A recent investigation by cybersecurity firm CrowdStrike has revealed a disturbing trend in which hackers are attempting to extort education workers after a massive data breach affected millions of US school kids. In early this year, the breach exposed sensitive personal data of current and former students and educators, including names, contact details, dates of birth, limited medical alert information, Social Security numbers, and other related information.
The PowerSchool Student Information System (SIS) software, which operates in many schools across the US, was found to be compromised. This widespread breach has left millions of students' personal data at risk, including sensitive information that could be used for identity theft or other malicious purposes.
Months later, state school leaders and employees from at least 20 North Carolina school systems have reported receiving threatening emails from hackers demanding payment in cryptocurrency in exchange for keeping their data secret. The emails allegedly contain a ransom demand, threatening severe consequences if the demands are not met. Despite PowerSchool's assurance that the threat has been contained, cybersecurity experts are urging caution and warning individuals to take proactive measures to protect themselves.
Expert Warns of Increasing Sophistication of Cyber Attacks
Cybersecurity expert Doug Levin expressed concern about the escalating sophistication of cyber attacks in recent months. "We've seen incidents happening more frequently... They've been more sophisticated... And they have also been more significant in terms of their impact," Levin said. The increasing frequency and severity of these attacks highlight the need for schools and educational institutions to strengthen their cybersecurity practices.
Schools Scrutinizing Vendors and Partners
In response to this growing threat, many school systems are now scrutinizing their vendors and third-party partners more closely. This renewed focus on vendor vetting is aimed at ensuring that these organizations have robust cybersecurity measures in place. As Levin noted, "One of the things that school systems are doing now is also looking and asking questions of all of their vendors and third parties they do business with... They're shoring up their cybersecurity practices."
Protecting Yourself: A Simple Step
While PowerSchool's breach was a serious incident, there are steps you can take to protect yourself if your information is exposed in the future. According to Levin, "It is a simple step that you can take to provide some measure of protection against financial fraud against yourself... It is simply to freeze your credit records at the credit reporting agencies." By taking this proactive step, individuals can mitigate potential harm from data breaches like this one.
Conclusion
The recent breach affecting millions of US school kids serves as a stark reminder of the ever-present threat of cyber attacks. As schools and educational institutions continue to navigate these challenges, it is essential that they prioritize cybersecurity and take proactive measures to protect their staff, students, and sensitive data.