The State of Texas is suing PowerSchool after a 2024 breach exposed the data of over 62 million students and nearly 10 million teachers, including sensitive records of 880,000 Texans.

The lawsuit alleges that the company misled customers about its security while failing to implement basic safeguards, such as multifactor authentication. Without MFA, attackers gained access using stolen credentials, leading to ransom demands and the exposure of Social Security numbers, medical data, and even student bus stops.

The case underscores that organizations not only risk breaches without MFA, but also potential lawsuits and liability for failing to take reasonable security measures.

Via BleepingComputer