Attorney General Ken Paxton filed a lawsuit against PowerSchool, a California- based provider of cloud services for K-12 schools, following a data breach that compromised the personal information of more than 880,000 Texas students and teachers.
The attorney general’s office confirmed that the breath occurred in December 2024, when a hacker exploited a subcontractor’s account to access PowerSchool’s system. The attacker transferred sensitive, unencrypted information to a foreign server.
Information exposed names, addresses, Social Security numbers, medical records, special education data, and even several bus stop locations.
The data could potentially be used to physically locate children.
PowerSchool, which provides enrollment and student information systems to school districts across Texas, had marketed itself as offering “State-of-the-art protections” and “the highest security standards.”
According to the lawsuit the company failed to implement basic security features like multi-factor authentication, data encryption, and access control.
“These Failures are not just technical oversights-they are violations of Texas law,” said Paxton.
The suit alleges that PowerSchool misled consumers in violation of the Texas Deceptive Trace Practices Act and failed to protect personal data under the Identity Theft Enforcement and Protection Act.
“If Big tech thinks they can profit off managing children’s data while cutting corners on security, they are dead wrong,” Paxton commented. “Parents should never have to worry that the information they provide to enroll their children in school could be stolen and misused.”
The lawsuit seeks civil penalties, injunctive relief, and increased protection for Texans whose data has been compromised.