News that hackers may have accessed private information managed by PowerSchool hit school districts across the country and in Michigan at the end of December 2024, reaching the public at large in early January. The vendor is utilized contractually on a consortium basis in schools around Washtenaw County.
On Monday, Nov. 3, Chelsea School Board members passed a resolution to join the lawsuit launched last spring in U.S. District Court in Southern California.
The lawsuit itself, spearheaded by Frantz Law Group, alleges that PowerSchool failed “to take precautions to secure highly sensitive information provided by thousands districts.”
Although school officials around the region have said their districts weren’t impacted by the breach, Chelsea school officials said there are still a lot of unknowns. Board members this week briefly debated the virtues of taking the step to join the lawsuit, rather than wait and be added with other PowerSchool customers on the back end of the litigation.
However, Superintendent Michael Kapolka said the district “could potentially gain more” financially “by being named individually” early on.
Officials said there was no concrete proof how or if the district was harmed in the breach but speculated that moving forward in the lawsuit would also force PowerSchool, as Secretary Sara Tracy put it, “to get their act together.”
“If there’s an upside to being named in the suit, there isn’t a cost to it,” Vice President Glenn Fox said. “I do understand that if PowerSchool has to suffer damages, our price will go up. But our price will go up whether or not we’re named in the suit. … I think joining the suit is prudent. It protects our interests. It doesn’t mean we’re wedded to PowerSchool. Class-action lawsuits are relatively common with large vendors like this.”
The California-based lawsuit against PowerSchool and several affiliated holding entities has picked up more than 200 individuals and school organizations as plaintiffs.
Chelsea schools were referred by their legal counsel at Thrun Law Firm to join, and Kapolka said he expected more districts to follow, adding it was to be a point of discussion during a regional superintendents’ meeting on Friday, Nov. 7.
Criminal charges separately filed against one alleged perpetrator in a Massachusetts federal court reported PowerSchool’s breach to have exposed the information of roughly 60 million students and 10 million teachers nationwide.
But in Ann Arbor Public Schools, district officials said no Social Security numbers of students were compromised.
PowerSchool’s last formal update came in early May after the hacker allegedly reached out to multiple school district customers directly in an attempt to extort them.
Nineteen-year-old Matthew D. Lane was arrested this spring in connection to the breach.
According to court records, he allegedly conspired to extort an unidentified U.S.-based telecommunications company to pay a ransom of $200,000 in Bitcoin to avoid public disclosure of stolen data sometime in spring 2024.
The ransom demand was eventually lowered to $75,000.
By the end of last year, without receiving any payment, Lane allegedly leased a computer from a service in Ukraine and used an employee’s credentials to access students’ and teachers’ data from a software and cloud storage company later identified as PowerSchool.
Threatening release of information from more than 60 million students and 10 million teachers, the hacker reportedly demanded 30 Bitcoin, or roughly $2.85 million at the time. According to court records, other conspirators may have been involved in the alleged crimes and ransom demands.
Lane was arrested last spring, later pleading guilty to charges of cyber extortion conspiracy, cyber extortion, unauthorized access to protected computers and aggravated identity theft. In October, he was sentenced to two years in prison, three years of probation once released, a $25,000 fine and an order to pay over $14 million in restitution.
©2025 Advance Local Media LLC. Distributed by Tribune Content Agency, LLC.
