News Summary
Memphis-Shelby County Schools has sued PowerSchool following a significant data breach affecting nearly 500,000 individuals. The lawsuit cites negligence and failure to maintain cybersecurity, potentially compromising sensitive information of students and staff. With PowerSchool’s delayed notification and ransom payment to hackers, the case raises serious concerns about data security in the education sector. MSCS plans to discuss renewing a contract with PowerSchool despite ongoing legal issues connected to the breach, which has triggered similar lawsuits from other school districts nationwide.
MEMPHIS – Memphis-Shelby County Schools (MSCS) has initiated a lawsuit against PowerSchool, a provider of software for student information systems, resulting from a significant data breach affecting nearly 500,000 individuals. This breach, disclosed in late December 2024, has potentially compromised sensitive information belonging to current and former students, as well as faculty and staff members.
The lawsuit alleges that PowerSchool exhibited negligence, breached its contract, and engaged in false advertising. MSCS has accused the software company of failing to uphold adequate cybersecurity measures that could have thwarted the breach. These measures include essential practices such as multi-factor authentication and data encryption. Additionally, attorneys involved in the case indicated that the breach has jeopardized personal information for more than 62 million students and their families nationwide.
The timeline of the breach indicates that hackers accessed PowerSchool’s systems on December 28, 2024. However, it took about two weeks for PowerSchool to notify MSCS of the incident. MSCS claims to have invested over $21 million in PowerSchool’s services over the past twelve years, showcasing a long-term reliance on the company for its data management needs.
Of particular concern are the types of sensitive information that may have been compromised in the breach. Information at risk includes names, addresses, social security numbers, email addresses, medical data, grades, GPAs, bus stop assignments, student portal passwords, and phone numbers. The possibility that this data could be sold on the dark web exacerbates the urgency for immediate action.
In the aftermath of the breach, it has been reported that PowerSchool paid a ransom to the hackers. Critically, the lawsuit claims that inadequate notification methods were provided to the impacted individuals, placing the responsibility of communication on MSCS. In response to the situation, MSCS is planning to conduct an audit of PowerSchool’s databases through a third-party firm as part of their legal strategy.
The lawsuit also contains requests for both compensatory and punitive damages, attorneys’ fees, and a demand that PowerSchool enhance its cybersecurity protocols significantly to prevent future occurrences. The ongoing case is not isolated, as multiple school districts across the United States have begun similar legal actions against PowerSchool following the breach.
In light of these developments, MSCS is expected to discuss the renewal of a substantial $2.3 million contract with PowerSchool in an important business meeting scheduled for May 27. This contract discussion not only highlights MSCS’s financial commitment but also poses questions regarding its continued partnership with a company now facing serious allegations related to data security.
A spokesperson for PowerSchool expressed that the company is actively working to resolve issues with its customers and reiterates its commitment to supporting students, teachers, and families. Despite this statement, the concerns raised by MSCS reflect a broader distrust in the cybersecurity capacities of PowerSchool, particularly given the substantial number of individuals affected by this incident.
The outcome of this lawsuit could have significant implications not only for MSCS but also for the overall education sector, particularly regarding how educational institutions select and interact with service providers responsible for handling sensitive student data. As this case unfolds, it will be critical for educational authorities and stakeholders to monitor developments closely and adjust their cybersecurity strategies accordingly.
Deeper Dive: News & Info About This Topic
HERE Resources
Memphis Schools Sue PowerSchool Over Major Data Breach
Memphis Schools File Lawsuit Against PowerSchool After Data Breach
Additional Resources
