ROCK SPRINGS – School districts involved in the December 2024 PowerSchool data breach have reportedly been contacted by someone allegedly attempting to extort them by claiming to have data from the breach.

An update posted to ParentSquare from Sweetwater County School District No. 1 Chief information Officer Stephanie Tolman Thursday evening states school districts have been contacted and PowerSchool doesn’t believe it is a new incident. The update does not disclose if the school district was contacted in an alleged extortion attempt or not. Tolman did not respond to an email from SweetwaterNOW as of publication time. An update will be published should additional information be provided.

Tolman said the district and PowerSchool are taking the incident seriously and PowerSchool has said it is working with cybersecurity experts and law enforcement in the United States and Canada. The district also reminds residents about PowerSchool’s two-year credit monitoring offer to students and school faculty. More information about that offer can be found here.

The deadline to apply is July 31.

PowerSchool was targeted in a data breach in late December 2024, with SCSD No. 1 issuing a public statement about the breach Jan. 9 after PowerSchool contacted the district Jan. 7. Information impacted in the breach included contact information, social security numbers and medical information. PowerSchool later paid a ransom to the group responsible for the breach in exchange for the deletion of the data, however it would appear the data was never deleted. Bleeping Computer, a website covering cybersecurity, notes the hacker claimed to have stole data for 62.4 million students and 9.5 million teachers across 6,505 districts in the United States, Canada, and other countries. The website also notes security experts and ransomware negotiators advise against paying a ransom after a security breach as hackers “are increasingly failing to keep their promise to delete stolen data.”