Memphis-Shelby County Schools files lawsuit in federal court over student data leak
Computer matrix background (Photo by Markus Spiske/Pexels)
Memphis-Shelby County Schools (MSCS) has filed a lawsuit against a software provider it says was negligent during a major nationwide hacking incident.
According to a news release from the Frantz Law Group that’s representing MSCS, the school district has paid PowerSchool more than $21 million over the last 12 years for data management, including highly sensitive personal identifiable information. Attorneys say PowerSchool failed to notify school districts for two weeks following last December’s data breach of student and teacher data.
The lawsuit claims the software provider failed to implement basic cybersecurity measures that could have prevented the data breach, that included information on names, addresses, Social Security numbers, and phone numbers.
"PowerSchool failed to uphold its end of the bargain to safeguard and protect students' personal information," said Frantz Law Group attorney William Shinoff. "The education community reasonably relied on PowerSchool's claims of privacy and security, but the software provider breached numerous contractual and legal duties it owed Memphis-Shelby schools and other districts across the country."
Attorneys say PowerSchool has acknowledged that it paid a ransom to hackers, but it’s possible student and parent information could be sold on the dark web, and there have been reports of hackers directly extorting school districts that use PowerSchool.
Memphis-Shelby County Schools has filed its lawsuit in the U.S. District Court of Southern California. PowerSchool is headquartered near Sacramento, California. The district is seeking damages caused by the company’s alleged negligence, including expenses, handling concerns of staff and students, and lost resources remediating the impact of the data breach.
District leaders sent a statement to the Tennessee Firefly on May 28, saying they made the decision to join the lawsuit to “advocate for stronger security measures from PowerSchool,” but have nevertheless, opted to enter into a short-term renewal with the company.
“All school systems are required to have and maintain a student information system, and MSCS has used PowerSchool for over a decade. While we are constantly evaluating all of our vendors and the larger competitive market landscape for essential services, any decisions to discontinue such a robust and unique product as PowerSchool and identify suitable alternatives cannot happen overnight. This is a process that will take time. Short-term renewal with PowerSchool provides us the opportunity to continue evaluating our options while doing nothing to impact our claims against PowerSchool,” wrote the district in a statement.
Updated to include a statement from the district.
