this post was submitted on 09 Jan 2025
60 points (98.4% liked)


From a school system email:

PowerSchool has informed us that they have taken action with the hackers to ensure the unauthorized data was deleted without any further replication or dissemination. They do not anticipate any of the data being shared or made public and are working with cybersecurity experts and law enforcement to ensure ongoing data safety. PowerSchool indicated they will be providing credit monitoring to affected adults and identity protection services to affected minors in accordance with regulatory obligations.

[–] sleepydragn1@lemmy.world 57 points 3 days ago* (last edited 3 days ago) (2 children)

I feel like this is a euphemistic way of saying "we paid the ransom" without actually saying "we paid the ransom."

[–] TonyTonyChopper@mander.xyz 4 points 1 day ago

In the FAQ, PowerSchool confirmed that the security incident was not ransomware in nature, but noted that it worked with CyberSteward, a Canadian organization that offers cyber-extortion incident response services, to negotiate with the threat actors responsible for the breach.

This confirms previous reporting that PowerSchool was the target of an extortion-only attack and that it paid a financial sum to prevent the hackers from publishing the stolen data.

from https://techcrunch.com/2025/01/09/powerschool-says-hackers-stole-students-sensitive-data-including-social-security-numbers-in-data-breach/

[–] Spaceman9000@infosec.pub 18 points 2 days ago (1 children)
[–] AmidFuror@fedia.io 11 points 2 days ago (1 children)

But that is hardly a step toward assuring anything was deleted. Do the criminals really have a reputation at stake for keeping their word? Wouldn't that require we can confirm their identity?

[–] Spaceman9000@infosec.pub 10 points 2 days ago

It boils down to their reputation, which is honestly the only thing they truly have.

If they have a reputation of leaking data afterwards, nobody is going to pay in the future.

So afaik, they don't resell or give it away. They also send "proof of deletion", but how foolproof that is is another question entirely.

[–] BassTurd@lemmy.world 47 points 2 days ago (2 children)

I'm over this, "we were too incompetent and failed at our job, so your personal information is in the hands of a bad entity. Sry, here's "monitoring".

No. How about you fucking pay me and suffer consequences instead? If you can't afford to pay thousands to every affected individual and continue being a business, you don't get to be a business anymore. Equifax and Change Healthcare are two companies I did not opt into using, but had to, and they both fucked up and lost all of my most sensitive information. People should be in jail and I should have thousands of dollars more in compensation. Instead, I got $7 from Equifax and offered free monitoring from CHC. Make it so it's debilitating when sensitive information is lost, and maybe places would take security more seriously.

[–] reptar@lemmy.world 1 points 1 day ago (1 children)

I heard an interview with a (US) lawyer specializing in data breaches. They pointed out the fine print of accepting monitoring often includes releasing the offering company of liability, agreeing to arbitration, things like that.

[–] BassTurd@lemmy.world 3 points 1 day ago

I looked but didn't see that in writing for my Change Healthcare situation, but I sure didn't take the free monitoring because I'm waiting for the class action, and I have assumed that would disqualify me.

It's just insulting. Sorry we may have fucked up your life and you have no recourse, but here's a sticker.

[–] can@sh.itjust.works 32 points 3 days ago* (last edited 3 days ago) (1 children)

What does this even mean? Did the hackers pinky swear or something?

[–] TransplantedSconie@lemm.ee 28 points 3 days ago (1 children)
[–] can@sh.itjust.works 4 points 2 days ago* (last edited 2 days ago) (1 children)

And they think hackers will honour their word?

[–] WIPocket@lemmy.world 16 points 2 days ago (1 children)

They often do. If they didn't, people wouldn't pay the ransom.

[–] AmidFuror@fedia.io 3 points 2 days ago (2 children)

I made a similar comment elsewhere. Are the hackers identifying themselves such that they have a reputation that means something? If so, how do we know they are the reputable hackers and not just using the name of the reputable hackers?

In blackmail cases, the scammers typically keep coming back for more and more money.

[–] x00z@lemmy.world 6 points 2 days ago (1 children)

Reputable blackhat hackers often use an online portal where they show proof.

Lesser known ransomware gangs are definitely known to try and double dip though.

[–] nandeEbisu@lemmy.world 3 points 2 days ago

That's why you should always check the reviews of any hacking organization before letting them hack you.

[–] can@sh.itjust.works 2 points 2 days ago (1 children)

I had the same thought. What's stopping a new party from riding the clout of a "reputable" hacker?

[–] Cypher@lemmy.world 3 points 2 days ago

There is a whole ecosystem at work where hackers can trade tools, collaborate, announce successes and confirm they are behind a breach.

The ransomware system relies on the majority of actors following through on their part of the bargain or no one would ever pay a ransom.

There are many parallels to how the majority of real world piracy was conducted.

[–] hedgehogging_the_bed@lemmy.world 24 points 2 days ago (3 children)

I'm upset about this but I'm way more upset to be finding out about it from Lemmy instead of from my school district or PowerSchool directly. My Pennsylvania school district hasn't said anything about this.

[–] jared@mander.xyz 7 points 2 days ago* (last edited 2 days ago)

Just got the email a couple hours ago, our district has been shut down all week though.

[–] cheers_queers@lemm.ee 1 points 2 days ago

yeah my district hasn't sent anything out at all..

[–] TheWilliamist@lemmy.world 1 points 2 days ago

I read about it yesterday morning and my school district sent out an email the same evening. I believe had it not been published they would have stayed quiet.

[–] drascus@sh.itjust.works 5 points 2 days ago

All systems can be compromised no matter how secure. It sucks that we have to put our kids' privacy at risk just to send them to school.

[–] reddig33@lemmy.world 15 points 2 days ago* (last edited 2 days ago) (1 children)

I wonder what the data entailed other than school name, student name, and grades?

EDIT: Found answer. It included social security numbers.

https://techcrunch.com/2025/01/09/powerschool-says-hackers-stole-students-sensitive-data-including-social-security-numbers-in-data-breach/

[–] TonyTonyChopper@mander.xyz 1 points 1 day ago

At this point it's on the US federal government. The "Social Security" system is entirely lacking in security.