PowerSchool Faces Texas Lawsuit Over 2024 Data Breach Affecting Millions
PowerSchool, a significant California-based education tech provider, faces legal action from the state of Texas following a substantial data breach in 2024. Texas Attorney General Ken Paxton alleges that PowerSchool misled customers about its security measures, leading to the exposure of sensitive information for millions of students and teachers.
The breach, which occurred in December 2024, compromised the student information system of PowerSchool, a company that serves K-12 schools. The system was accessed using stolen subcontractor credentials, highlighting PowerSchool's lack of robust security protocols, including multifactor authentication. The incident affected approximately 6,500 out of PowerSchool's 18,000 school district clients, impacting about 62.4 million students and 9.5 million teachers across the nation.
The exposed data included Texans' names, addresses, Social Security numbers, disability records, special education data, and bus stops. Despite marketing itself as meeting 'the highest security standards' and offering 'state-of-the-art protections', PowerSchool failed to safeguard this sensitive information. The breach was carried out by a Massachusetts college student, Matthew D., who pleaded guilty earlier this year.
Texas is suing PowerSchool, accusing the company of violating state laws regarding deceptive trade practices and identity theft protection. The lawsuit follows PowerSchool's alleged deception about its security protocols and failure to prevent the data breach. The case serves as a reminder for tech providers to uphold strict security measures to protect sensitive user data.
