PowerSchool breach hits New Trier

Hackers access 35,000 student records as part of large ransom operation

Neil Sanderson, Editor-in-Chief
February 11, 2025

News

A threat actor illegally accessed the records between Dec. 19 and Dec. 24

In a major security breach of PowerSchool, the records of thousands of New Trier High School students and staff were illegally accessed in the final weeks of 2024. School officials at New Trier, alongside schools worldwide, were first notified on Tuesday, Jan. 7, and communication was sent out shortly after.

The exposed data contained the records of 35,000 former and current students, including home addresses, student ID numbers, and parents’ names. Of these, 11,500 records also included the social security numbers of students who attended New Trier between 1999 and 2017, per Chief Technology Officer Dr. Michael Marassa.

Based on his correspondence with PowerSchool, Marassa is confident that the data were deleted and are no longer available online.

“These companies want to get paid,” he said. “If they go out and put your data on the dark web and sell it again, they’re not going to get paid their ransom.”

The breach began on Dec. 18, when the threat actor initially accessed PowerSchool using the login credentials of an outside contractor employed by PowerSchool. The account lacked multi-factor verification and did not require VPN access, making it vulnerable. The hacker had obtained credentials for the account earlier that month and pulled student data from PowerSchool from Dec. 19 through Dec. 24.

On Dec. 28, the threat actors notified PowerSchool of the breach, and PowerSchool worked with a third-party company to negotiate a settlement in exchange for the data’s deletion.

In a statement updated on Feb. 7, PowerSchool said “the information exfiltrated for any given individual varied across our customer base.” Unlike some districts, the compromised data from New Trier’s records did not include highly sensitive information like medical, financial, and academic records.

“For the staff, it’s just their name, their email address, the department that they’re in—all things that you can get on our website,” Marassa explained. “The more significant information that was pulled as a part of this was students’ [personal information].”

Senior Bobby Feeney first heard about the breach through the email sent out by the school in January. While he isn’t overly worried, he acknowledged concerns about personal information exposure.

“I’m really not that worried about it, considering what is available on PowerSchool, it’s nothing that major,” he said. “The biggest thing is probably just my full name and address.”

Although they believe the data has been deleted, PowerSchool hired Experian, a financial company, to locate addresses of those affected by the breach and send letters offering two years of free credit monitoring and identity protection. The mailing includes current students and individuals from 1997 to 2017, with instructions on how to sign up via a website or phone. At New Trier, the IT Department has purged records that included social security numbers from their dataset.

Marassa was in frequent contact with PowerSchool and impacted local school districts throughout the response, including Wilmette D39, Winnetka D36, Sunset Ridge D28, and Avoca D37.

“New Trier has been a leader with working on this,” Marassa said, citing a 45-minute call he hosted with the PowerSchool CEO and superintendents and technology leaders in the area. “We’ve been acting as a conduit of information to some other school districts around the Chicagoland area.”

Marassa also believes that New Trier has become a prime target for cyberattacks due to its reputation. He noted that some early news reports incorrectly framed the breach as specific to New Trier, even though PowerSchool, serving 18,000 schools globally, was the actual target.

“We had to go to our communications department and have them correct that,” he said. “But we know, like everyone, we’re a high performing school, and we’re an affluent school district, so hackers would want to come after a district like us because there’s a lot of money to be made.”

While some are now taking aim at PowerSchool by launching lawsuits, Marassa is confident in their response and partnership moving forward. He thinks they’ve been a good partner and that breach incidents have, unfortunately, become common occurrences in the world today.

“From the get-go PowerSchool was very transparent,” he noted, “and who’s to say that I choose some other system and they don’t have a data breach?”

In the wake of the breach, PowerSchool has said they’re stepping up security practices, including requiring updated credentials for employees and restricting access to its technical support tools.

Feeney feels that PowerSchool is generally secure, though he mentioned other issues, such as New Trier students being unable to log in through the PowerSchool app.

“It is kind of multi-factored already,” he said. “But the app doesn’t work for me currently. The online’s the only one that’s working for me.”

Marassa, who’s worked in school technology for 20 years, said cybersecurity has emerged as a significant and evolving challenge in recent years.

“Cybersecurity was really not a huge issue up until 2018. When this started to happen, the threat actors really wanted to get in and attack people’s devices, lock a device down…to get a ransom out of school districts,” he explained. “Now, they want to get into critical systems and exfiltrate data because they feel like that’s the leverage point to get money out of it.”

Marassa said his team has made big strides and investments in online security, extending to phishing prevention software, which blocks 99% of phishing scams through school emails. In addition, both two-factor authentication and VPN access are required for New Trier employees working remotely. He’s planning to further improve password security for staff later this month and anticipates potentially increasing password requirements for students next school year.

“My hope is to educate our students and staff, specifically around these challenges, because they’re not stopping,” Marassa said.

The PowerSchool incident has also served as a reminder of the growing threat of cybersecurity attacks. With millions of unfilled jobs in cybersecurity, Marassa emphasized the need for people working in this field, even if they don’t see themselves as tech-savvy.

“If you’re a good problem solver, that’s what this work is. It’s figuring out patterns and strategies of what bad actors are doing,” he said. “And they keep getting better and better.”

Comments (0)

The comment section provides a space for readers to voice their opinions. The New Trier News wants to amplify the voices of our audience, so comments will not be censored based on a difference of opinion. However, we will not accept the following forms of commentary: Racism, homophobia, or any other sort of prejudice Anything against the school policy clearly stated in the New Trier Student Handbook Violent threats or any form of harassment toward our staff and/or sources Any obscene or inappropriate language Anonymous comments will not be approved. The comments will be monitored by managing editors in consultation with our faculty advisers.

Share your thoughts...

All New Trier News Picks Reader Picks Sort: Newest