North Carolina Attorney General Presses PowerSchool for Additional Information on Breach
North Carolina Attorney General Jeff Jackson (D) demanded educational platform PowerSchool share more information about its 2024 data breach that exposed the personal information of 4 million students, teachers and parents in the state, according to a press release Tuesday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
In February, the AG launched an investigation into the breach, which impacted more than 62.4 million people across the U.S. (see 2502060055).
“I’m demanding more information from PowerSchool about how this breach happened and who it affected, and what we learn will drive our next steps,” Jackson said.
The attorney general said he issued a Civil Investigative Demand (CID) for more information about PowerSchool's cybersecurity measures at the time of the breach, the security flaws that may have led to the breach and steps the company has taken to address its cybersecurity failures. He also requested information about PowerSchool’s communications with and assistance to those affected by the breach as well as response and actions immediately following it.
In May, a 19-year-old Massachusetts college student was charged and agreed to plead guilty to hacking PowerSchool’s network and causing the breach (see 2505220037).
The educational software company was sued in the U.S. District Court for Eastern California for negligence (see 2501220057) and by a Tennessee school system in the U.S. District Court for Southern California for breach of contract (see 2505120026).
The Privacy Commissioner of Canada, Philippe Dufresne, is also investigating the breach (see 2502110031).