Memphis-Shelby County Schools files lawsuit in federal court over student data leak

Memphis-Shelby County Schools (MSCS) has filed a lawsuit against a software provider it says was negligent during a major nationwide hacking incident.

According to a news release from the Frantz Law Group that’s representing MSCS, the school district has paid PowerSchool more than $21 million over the last 12 years for data management, including highly sensitive personal identifiable information. Attorneys say PowerSchool failed to notify school districts for two weeks following last December’s data breach of student and teacher data.

The lawsuit claims the software provider failed to implement basic cybersecurity measures that could have prevented the data breach, that included information on names, addresses, Social Security numbers, and phone numbers.

"PowerSchool failed to uphold its end of the bargain to safeguard and protect students' personal information," said Frantz Law Group attorney William Shinoff. "The education community reasonably relied on PowerSchool's claims of privacy and security, but the software provider breached numerous contractual and legal duties it owed Memphis-Shelby schools and other districts across the country."

Attorneys say PowerSchool has acknowledged that it paid a ransom to hackers, but it’s possible student and parent information could be sold on the dark web, and there have been reports of hackers directly extorting school districts that use PowerSchool.

Memphis-Shelby County Schools has filed its lawsuit in the U.S. District Court of Southern California. PowerSchool is headquartered near Sacramento, California.

The district is seeking damages caused by the company’s alleged negligence, including expenses, handling concerns of staff and students, and lost resources remediating the impact of the data breach.