CASE BACKGROUND
PowerSchool is one of the largest providers of cloud-based software for K-12 education in the United States. It collects and maintains highly sensitive personal identifiable information (PII) for over 60 million students, parents, and school faculty worldwide. PowerSchool acquires this information through education technology products that it sells to schools and school districts.
On or around December 28, 2024, PowerSchool lost control of PII when it was stolen by cybercriminals who accessed it via a compromised login (data breach). This data breach was atypical because it affected consumers who had no relationship with PowerSchool and never consented to it collecting and storing their PII. The cybercriminals gained unauthorized access to names, birth dates, addresses, parent/guardian names, parent/guardian phone numbers, tax information numbers, and private health information such as medical conditions and allergies.
In early January 2025, PowerSchool began notifying some of their customers that their data was impacted, and that most of the accessed PII included sensitive information pertaining to students under the age of 18.
Plaintiffs allege that PowerSchool failed to maintain reasonable security safeguards and protocols to protect its users’ unencrypted PII, and it lacked proper controls to determine which students, parents, and faculty were impacted by the data breach. Its failure to timely detect and report the data breach made plaintiffs and class members vulnerable to identity theft without any warnings to monitor their financial accounts or credit reports to prevent unauthorized PII usage. Even when plaintiffs and the class were finally notified, PowerSchool failed to adequately describe the data breach and its effects, as well as the measures it took to prevent future occurrences.
CASE FILED
On February 7, 2025, the Joseph Saveri Law Firm, LLP and co-counsel filed a complaint on behalf of a class of nationwide customers against PowerSchool Holdings, Inc. and PowerSchool Group, LLC. The suit, filed in the United States District Court for the Eastern District of California, alleges defendants violated state and federal laws and harmed thousands of their current and former customers by failing to adequately protect their information, adequately notify them about the breach, and concealing the nature of the breach.
Plaintiffs and the class seek damages and injunctive relief to remedy PowerSchool’s security failures, credit monitoring or repair services to protect the class, and reasonable attorneys’ fees and costs.
CONTACT US
If you wish to inform us of any unfair business practice, antitrust or competition issue, or comment on one of our cases, please use the form below. There is no cost or obligation for our review of your case. We agree to protect your name and all confidential information you submit against disclosure, publication, or unauthorized use to the full extent under the law. Please note that completion of this form does not contractually obligate our firm to represent you. We can only represent you if both you and our firm agree, in writing, that we will serve as your attorney. Please read our disclaimer.