Attorney General Ken Paxton has filed a lawsuit against PowerSchool, a California-based education technology company, after a massive data breach compromised the private information of more than 880,000 Texas school-aged children and teachers.
The breach, which occurred in December 2024, exposed an extraordinary volume of sensitive data—including names, Social Security numbers, physical addresses, disability records, medical histories, special education details, and even school bus stop information.
According to the attorney general’s office, hackers exploited a subcontractor’s account to gain administrative access and transferred vast amounts of unencrypted data to a foreign server.
PowerSchool, which provides widely used cloud-based software for K-12 schools across the nation, bills its platform as an industry leader in student data management. The company claims its technology meets the highest security standards and offers “state-of-the-art protections” to safeguard student and teacher information.
However, Paxton’s lawsuit alleges that basic, industry-standard protections were never implemented.
Among the cited deficiencies:
- Lack of multi-factor authentication for administrative accounts;
- Inadequate access controls to sensitive databases;
- Failure to properly encrypt sensitive data, leaving it vulnerable to theft.
Officials argue that this negligence stands in direct contrast to PowerSchool’s public assurances of data security, amounting to misrepresentation and deceptive trade practices.
The lawsuit contends that PowerSchool’s conduct violates the Texas Deceptive Trade Practices Act as well as the Texas Identity Theft Enforcement and Protection Act, both of which require companies to take reasonable measures to prevent unauthorized access to personal information.
“If Big Tech thinks they can profit off managing children’s data while cutting corners on security, they are dead wrong,” said Paxton. “Parents should never have to worry that the information they provide to enroll their children in school could be stolen and misused. My office will do everything we can to hold PowerSchool accountable for putting Texas students, teachers, and families at risk.”
The breach raises safety concerns given the nature of the stolen information. Experts warn that combining details like home addresses, disability data, and school bus stop locations could facilitate not only identity theft, but also physical dangers to children.
PowerSchool did not respond to Texas Scorecard’s request for comment before publication.
No ads. No paywalls. No government grants. No corporate masters.
Just real news for real Texans.
Support Texas Scorecard to keep it that way!
