MSCS files suit against software company after data breach leaked info to hackers
MEMPHIS, Tenn. — A lawsuit was filed Monday on behalf of Memphis Shelby County Schools against PowerSchool, a K-12 software provider the school district was using, after a data breach leaked 'highly sensitive' student information.
In December 2024, hackers stole student and teacher data from PowerSchool, the company confirms. PowerSchool says it became aware of the breach Dec. 28.
School districts were not notified of the breach until nearly two weeks later, according to the lawsuit.
Hackers claimed to have obtained information like names, addresses, Social Security numbers, and phone numbers from over 60 million students, parents, and faculty members worldwide.
MSCS says in the lawsuit it has verified that nearly 24,000 of the records are from schools in the district.
A news release from Frants Law Group states that PowerSchool paid a ransom to the hackers, 'but it is possible that personal information about students and parents has or will be sold on the dark web.'
Local grandmother contradicts MSCS statement about release of students' names
They say there have been recent reports of hackers doing exactly this — extorting school districts who are PowerSchool users.
Frantz Law Group filed the lawsuit on behalf of MSCS. They say the district has paid PowerSchool more than $21 million over the last 12 years for its services, which promised to keep their data safe.
The lawsuit includes accusations of negligence, breach of contract, and false advertising.
'The education community reasonably relied on PowerSchool's claims of privacy and security, but the software provider breached numerous contractual and legal duties it owed Memphis-Shelby schools and other districts across the country,' said William Shinoff, trial attorney with Frantz Law Group.
Gun pulled during fight at J. Alexander's restaurant: police
PowerSchool recently released a statement May 7 saying that a 'threat actor' has reached out to multiple school district customers trying to extort them using data from the December 2024 breach. They believe this is connected to the same incident.
'We sincerely regret these developments – it pains us that our customers are being threatened and re-victimized by bad actors,' said PowerSchool.
The company also noted its decision to pay the hackers a ransom after the initial incident last year, saying they felt it was the best option to prevent the data from being made public.
'We made the decision to pay a ransom because we believed it to be in the best interest of our customers and the students and communities we serve. It was a difficult decision, and one which our leadership team did not make lightly,' said PowerSchol. 'But we thought it was the best option for preventing the data from being made public, and we felt it was our duty to take that action.'
📡 for Memphis and the Mid-South.
📧 and have the latest top stories sent right to your inbox.
Through the lawsuit, MSCS is requesting actual and compensable damages caused by PowerSchool's negligence, including expenses associated with handling the concerns of students and staff who suffered the theft of their personal information, along with the lost time and money used to mitigate the effects of the data breach.
Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
2 hours ago
- Yahoo
Hackers leak 86 million AT&T customer records with 44 million social security numbers, report says
If you are one of the more than 100 million people who use AT&T, you might want to take stock of your data. Hackers said they accessed and leaked millions of AT&T customers' private information after the ShinyHunters group allegedly stole the data in April 2024, according to a new report from Hack Read. The report claimed some 86 million AT&T customer records have been leaked, including full names, dates of birth, phone numbers, email addresses, physical addresses, and social security numbers. In total, Hack Read reported that 44 million social security numbers were included in the leaked data. The social security numbers and birth dates were encrypted in the original hack by the ShinyHunters group, a leak that was made possible by security flaws in the Snowflake cloud data platform, as Mashable previously reported. Now, Hack Read has reported that this sensitive data is now decrypted. We asked AT&T about the reported leak of their customer data. An AT&T spokesperson told Mashable in a statement that "it is not uncommon for cybercriminals to re-package previously disclosed data for financial gain." "We are aware of claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation," the spokesperson added. So, if you're an AT&T customer, this means your valuable private data could be part of this new leak. However, if your data was exposed in this leak, it was likely — although not certainly — already exposed in the August 2024 National Public Data breach. Mashable previously reported on this breach, which exposed "three decades' worth of Social Security numbers on the online black market." You can find out if your data was exposed in that breach by using a tool from Pentester, a cybersecurity firm, to check. Visit enter your information, and see your list of breached accounts.
Yahoo
5 hours ago
- Yahoo
Waltham man found guilty of 2020 fatal stabbing on Halloween
A Waltham man has been found guilty of stabbing and killing his former housemate, Kevin Fitzgerald, on Halloween of 2020, according to the Middlesex District Attorney's Office. Jonathan Galindo, 38, was found guilty of second-degree murder and aggravated burglary following a three-week trial that began May 8, the DA's office said in a Friday news release. At 9:14 p.m. Oct. 31, 2020, Fitzgerald, 61, called 911 and told police he had been stabbed in his Waltham home and was dying, officials said. Police found him bleeding but conscious at the threshold of the home, and he told them he had been stabbed by a man wearing a ninja mask. Fitzgerald was brought to the hospital, where he died just after 10 p.m. He was stabbed three times in the chest, shoulder and thigh. An autopsy revealed that the chest wound, which punctured his lung, was fatal. At the home on Alder Street, police found blood, a knife, a fingerprint on the back storm door and a set of footprints in the snow leading to that door, according to the district attorney's office. Four days after Fitzgerald's death, police matched the fingerprint on the storm door to Galindo, who was Fitzgerald's former housemate and had moved out of the apartment that spring. DNA on the handle of the knife also matched Galindo, officials said. On Nov. 7, police received an arrest warrant for Galindo. They also found a black mask in his closet. Location data from Galindo's phone showed him at the Alder Street apartment on the night of Fitzgerald's death, officials said. The phone's internet search history also showed repeated searches for 'Any recent stabbings in Waltham last night?' the following day. A sentencing hearing for Galindo has been scheduled for 2 p.m. on July 15. DOGE team can access Social Security systems, US Supreme Court rules Springfield Pride headliner Dawn Richard told 'Diddy' jurors of threats, violence, abuse Mass. teacher arrested, accused of faking degrees and military history Chicopee police cruiser spotted in Philadelphia causes social media buzz Lil Wayne releases new album 'Tha Carter VI,' announces 2025 tour - Here's how to buy tickets Read the original article on MassLive.
Yahoo
5 hours ago
- Yahoo
Friday's Mini-Report, 6.6.25
Today's edition of quick hits. * I guess returning Kilmar Abrego Garcia to U.S. soil wasn't impossible after all: 'Kilmar Abrego Garcia has been returned to the U.S. to face federal human smuggling charges in Tennessee, the Justice Department said Friday, in a case that became emblematic of the combined coarseness and incompetence behind the Trump administration's immigration crackdown.' * In this 6-3 ruling, all of the Republican-appointed justices sided with the White House: 'A divided Supreme Court on June 6 said Elon Musk's Department of Government Efficiency can access to the data of millions of Americans kept by the U.S. Social Security Administration. The court paused a judge's order blocking DOGE from getting the data, which includes Social Security numbers, medical and mental health information, tax return information and citizenship records.' * Harvard's winning streak continues, but the White House's relentless offensive is ongoing: 'A federal judge on Thursday temporarily blocked President Donald Trump's efforts to block visas for foreign students planning to attend Harvard, after the Ivy League college filed a legal challenge.' * No one benefits from misguided steps like these: 'More than $12 million worth of contraceptives and HIV-prevention medications purchased by the U.S. government as aid for developing countries under programs thathavesince been discontinued will probably be destroyedunless officials sell or otherwise off-load them, an examination by The Washington Post found.' * The White House vs. the ICC: 'The Trump administration is slapping sanctions on four judges at the International Criminal Court over the tribunal's investigation into alleged war crimes by Israel in its war against Hamas in Gaza and in the West Bank.' * It's not a great sign when no one seems to know who's leading the CDC: 'The CDC, a $9.2 billion-a-year agency tasked with reviewing life-saving vaccines, monitoring diseases and watching for budding threats to Americans' health, is without a clear leader.' * This effort fell short, but it was interesting to see Republicans scramble: 'House Oversight Committee Democrats have once again failed to subpoena Elon Musk to testify on Capitol Hill. The panel rejected the minority party's request Thursday morning for the former DOGE chief to appear before lawmakers in a party-line, 21-20 votes.' * Should we assume that a generous settlement in this civil suit is inevitable? 'Five members of the Proud Boys, once convicted of masterminding the Jan. 6 breach of the U.S. Capitol, are accusing the federal government and FBI employees of violating their rights in connection with their prosecutions in a new lawsuit. ... The suit seeks $100 million in punitive damages.' * A New Jersey health official's recent inspection at the Trump National Golf Club in Bedminster did not go well: 'For more than three hours, the inspector tallied enough violations — a faulty dishwasher, poorly stocked sinks, improperly stored raw meat — to give the club a score of 32 out of 100, one of the lowest ratings earned by any establishment in Somerset County this year.' * Noted without comment: 'For sale at the White House: one bright red Tesla Model S. Should run fine; the owner just seems to have had buyer's remorse. Less than 24 hours after President Trump and Elon Musk engaged in a rancorous public spat, Mr. Trump has decided to sell the red Tesla he got in March, according to a White House official speaking on condition of anonymity because the person wasn't authorized to speak publicly.' Have a safe weekend. This article was originally published on
