Almost all American public schools rely on PowerSchool, one of those businesses that most parents are unaware of. Millions of classrooms use the software in the background to manage student records, monitor attendance and grades, and help with everything from enrollment paperwork to parent-teacher communication. It affects the data of about 50 million teachers and students in North America, according to most estimates. Because of its magnitude, the cybersecurity incident in December 2024 was extremely concerning, and the increasing number of lawsuits against the company is significant.
Two separate legal battles are currently taking place concurrently. The first is a $17.25 million class action settlement that was granted preliminary court approval in February 2026. It addresses allegations that PowerSchool’s college and career readiness software, Naviance, which it acquired in 2021 when it acquired Hobsons Inc., was sending private student data to third-party analytics and advertising firms without meaningful consent. The second is a much larger multidistrict class action lawsuit that is currently pending in federal court. It is based on a December 2024 breach in which plaintiffs claim that approximately 50 million people’s private information was compromised. These cases are connected because they both mention PowerSchool and pose similar concerns regarding the organization’s data management practices. Their severity, timeliness, and scope differ.
The Naviance case began in 2023 when a student from Chicago Public Schools, identified only as Q.J. in court documents, claimed that the Naviance platform was using third-party tracking code from businesses like Heap, Google, and Microsoft that unlawfully intercepted student communications and private information. The Electronic Communications Privacy Act and similar state statutes in California and Illinois were cited in the complaint as “unlawful wiretapping” and “eavesdropping,” respectively. Student names, ID numbers, graduation years, demographic data, photos, survey answers, and private correspondence between students and teachers were purportedly intercepted. The lawyers contended that this was intentional integration of analytics and advertising infrastructure into software that schools believed was acting only in the best interests of students, rather than accidental data collection.
| Company Name | PowerSchool Holdings LLC (formerly PowerSchool Group LLC) |
|---|---|
| Parent Company | Bain Capital (acquired PowerSchool for $5.6 billion in 2024) |
| Company Type | Ed tech / student information systems and learning management software |
| Headquarters | Folsom, California, USA |
| Key Products | PowerSchool SIS (student information system), Naviance (college & career readiness platform) |
| Naviance Acquired From | Hobsons Inc. (acquired February 2021) |
| Lawsuit 1 (Naviance) | Q.J. v. PowerSchool Holdings LLC, et al. — filed 2023 |
| Naviance Settlement Amount | $17.25 million (preliminary approval: February 27, 2026) |
| Final Naviance Approval Hearing | August 19, 2026 |
| Naviance Claims Deadline | July 27, 2026 |
| Naviance Eligible Class | Students who logged into Naviance between Aug. 18, 2021 – Jan. 23, 2026 (~10 million+) |
| Lawsuit 2 (Data Breach) | Multidistrict class action — December 2024 breach |
| Data Breach Scope | Alleged exposure of personal data of ~50 million teachers and students |
| Co-Defendants (Naviance) | Hobsons Inc., Heap Inc. (now ContentSquare), Chicago Board of Education |
| Third Parties Named | Google, Microsoft, Heap, Hotjar, Gainsight |
| PowerSchool’s Position | Denies wrongdoing; settled “to avoid uncertainty, distraction and expense” of litigation |
| Reference Links | ClassAction.org — PowerSchool Settlement Details / K-12 Dive — PowerSchool Coverage |
A class of more than 10 million people who logged into Naviance between August 18, 2021, and January 23, 2026 must receive $17.25 million from PowerSchool as part of the February 2026 settlement. The final amount will depend on how many legitimate claims are submitted before the July 27 deadline, but individual payouts are estimated to be about $50 per person. Beyond the money, the agreement includes significant structural changes: PowerSchool has committed to cease using the Naviance platform’s Heap,
Google, Microsoft, Hotjar, and Gainsight tools for a minimum of two years; establish an internal governance committee to supervise the use of third-party technology; and update the platform’s privacy disclosures to reflect the actual data being collected and shared. Within ten days of the final judgment, Heap and other named third parties have agreed to remove stored data pertaining to Naviance users dating back to August 2021.
None of the defendants acknowledged any wrongdoing. A representative for PowerSchool told reporters that the company settles to “avoid the uncertainty, distraction, and expense” of ongoing litigation. This is standard language, but it also avoids the factual disagreement about what was really going on inside the Naviance software.
The case of the data breach is unique. A breach in PowerSchool’s student information system in December 2024 is said to have revealed personal information on a scale that cybersecurity experts found truly challenging to comprehend. It is difficult to condense the 50 million impacted people—teachers and students, many of whom are minors—into talking points about improved security and lessons learned. Following the breach, numerous states and districts filed lawsuits, which were combined into multidistrict litigation that is currently taking place in federal district court. PowerSchool’s statement that it is “continuing to invest in advanced security technologies” and collaborating with districts and regulators sounds cooperative, but it doesn’t go into great detail about what went wrong.
It’s difficult to ignore the fact that both cases are coming at a time when the ed tech industry as a whole is under unusual strain. Schools that relied heavily on digital platforms during the COVID-19 pandemic are now reevaluating some of those reliance for a variety of reasons, including cost, screen time, and the reasons these lawsuits have emerged. The nation is “much further ahead as a nation in thinking about what’s important in protecting student information than we are in what we need to do to secure it,” according to Doug Levin, who co-founded the K12 Security Information eXchange and has closely monitored both cases. In the end, these cases are about that discrepancy between declared values and operational reality. There will be months or years of litigation. The information has already been lost.
