Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans.
PowerSchool is a cloud-based software solutions provider for K-12 schools and districts, with more than 18,000 customers and supporting over 60 million students worldwide.
In January, the education software giant disclosed that its PowerSource customer support portal was breached on December 19, 2024, using a subcontractor's stolen credentials. The attacker demanded a $2.85 million ransom in Bitcoin on December 28, 2024, after stealing the full names, physical addresses, phone numbers, passwords, guardian information, contact details, Social Security numbers, and medical data of impacted students and faculty.
As BleepingComputer first reported, the threat actor behind the December 2024 PowerSchool breach claimed to have stolen the personal data of 62.4 million students and 9.5 million teachers from 6,505 school districts across the U.S., Canada, and other countries.
“PowerSchool’s failures violate both the Texas Deceptive Trade Practices Act and the Identity Theft Enforcement and Protection Act by misleading customers about its security practices and failing to take reasonable measures to protect sensitive information entrusted by Texas families and school districts,” the Office of the Attorney General of Texas said.
“If Big Tech thinks they can profit off managing children’s data while cutting corners on security, they are dead wrong. Parents should never have to worry that the information they provide to enroll their children in school could be stolen and misused. My office will do everything we can to hold PowerSchool accountable for putting Texas students, teachers, and families at risk,” Attorney General Paxton added on Wednesday.
Attacker extorts schools, pleads guilty
In a private FAQ shared with customers and reviewed by BleepingComputer at the time, PowerSchool acknowledged that it had made a ransom payment to stop the data from being disclosed and received a video from the attacker claiming that the stolen data had been erased.
However, someone claiming to be ShinyHunters began individually extorting school districts in early May, threatening to release the previously stolen student and teacher data if a ransom was not paid.
The leader of ShinyHunters claimed to BleepingComputer that this person was an affiliate falsely impersonating the hacking group, who tried to re-extort PowerSchool with data stolen in an earlier September 2024 breach seen by CrowdStrike.
Later that month, 19-year-old college student Matthew D. Lane from Worcester, Massachusetts, pleaded guilty to orchestrating the massive cyberattack on PowerSchool with the help of several other conspirators and attempting to extort millions of dollars in exchange for not leaking the stolen data of millions.
According to school notices and a DataBreaches.net report, the ransom demands sent to school districts claimed to be from ShinyHunters, a high-profile group of threat actors linked to a wide array of breaches that had impacted hundreds of millions of people.
In March, PowerSchool also published a CrowdStrike investigation into the incident, which revealed that threat actors had also breached PowerSource in August and September 2024, using the same compromised credentials. However, the cybersecurity company was unable to find evidence that the same attacker was responsible for all three breaches.
Update 9/4/25: Added information about ShinyHunters affiliate.