Kinney echoed these concerns, accusing PowerSchool of breaching its responsibility to protect sensitive information. “Plaintiff and class members relied on defendant to keep their private information confidential and securely maintained,” Kinney said in her complaint.
Nationwide Impact of the Breach
PowerSchool serves school districts across the U.S., providing management, communication, and educational technology services. This role grants the company access to vast amounts of sensitive data, making its security failures particularly significant, according to the lawsuits.
Kinney’s suit seeks to represent a nationwide class of individuals whose PII was stolen, alleging negligence, invasion of privacy, breach of fiduciary duty, unjust enrichment, and breach of implied contract. Buack-Shelton’s complaint includes similar claims, adding violations of the California Consumer Privacy Act. Both lawsuits seek damages, injunctive relief, and coverage of legal costs.
PowerSchool’s Response
A PowerSchool spokesperson acknowledged the Dec. 28 cybersecurity incident, stating that the company immediately activated response protocols and involved third-party cybersecurity experts. The spokesperson claimed the breach caused no operational disruptions and emphasized the company’s commitment to protecting data privacy.
