All active MDLs
MDL 3149Data Privacy & Security

PowerSchool Holdings, Inc., and PowerSchool Group, LLC Customer Data Security Breach Litigation

The breach was initiated by a ransom demand in December 2024, exploiting phishing emails targeting IT staff and unpatched vulnerabilities in third-party software. The attacker gained initial access through phishing, compromised administrative credentials, and deployed malware/scripts to exfiltrate data. The exfiltration was facilitated by exploiting unsecured data transfer channels. The causation is linked to PowerSchool’s negligence in patching known vulnerabilities and maintaining inadequate security controls, which directly led to the injuries of plaintiffs, including identity theft and privacy violations.

CASSr. District Judge Anthony J. BattagliaMaster docket 3:25-md-3149Source: JPML · Updated April 1, 2026

79

Pending actions

89

Total actions filed

Active

Status

04/07/2025

Established

Filing deadline

While specific deadlines for MDL-3149 are not publicly detailed, general California statutes of limitations range from 1 to 10 years. Federal deadlines are governed by recent JPML rules effective February 19, 2026, with claim deadlines often set prior to final court approval.

Who qualifies

The breach was identified on December 28, 2024. It involved the exfiltration of Social Security numbers, medical histories, student records, family and teacher information. Plaintiffs qualify if they can demonstrate actual harm such as identity theft, financial loss, or emotional distress resulting from the breach.

Products involved

  • PowerSchool Student Information System (SIS)
  • PowerSource customer support portal

Alleged injuries

  • identity theft
  • financial fraud
  • emotional distress
  • credit damage
  • future risks of identity theft

Bellwether trials

The first bellwether trial is scheduled for November 19, 2025, in Los Angeles Superior Court, with subsequent trials planned for June and August 2026. Recent similar case settlements have been approved, with payouts around $100 per class member.

Settlement landscape

Data breach class actions typically settle between $2,500 and $5,000 per affected individual. Notable settlements include over $560 million in securities class actions in 2024 and a $380.5 million settlement fund for a large data breach case.

Lead counsel

  • James J. Pizzirusso of Hausfeld LLP

This page is generated from the official JPML pending-MDL report and public court records, refreshed monthly. It is provided for attorney reference and is not legal advice.

MDL Match

Your next intake could have a mass tort hiding in it.

Screen it against 158+ active MDLs. Takes under 60 seconds.

Start matching now