— information courtesy of the office of N.C. Attorney General Jeff Jackson
A security breach of the company many public school districts have used as their data management system has affected about 4 million teachers, students and parents in North Carolina. N.C. Attorney General Jeff Jackson said he is demanding that the company, PowerSchool, disclose more information about exactly how the breach happened and how it affected as the investigation continues.
Students and staff affected by the data breach have until July 31, 2025, to enroll in free identity protection and credit monitoring (offered for adult students and educators) here. You can also find out more about setting up a free security freeze here.
“Last year’s data breach compromised the personal information of teachers, public school employees and families across North Carolina,” Jackson stated in a press release. “I’m demanding more information from PowerSchool about how this breach happened and who it affected, and what we learn will drive our next steps.”
Jackson issued a Civil Investigative Demand (CID) to PowerSchool that legally requires it to provide to him the following information:
· The exact number of North Carolinians impacted by the 2024 data breach.
· Details about PowerSchool’s cybersecurity measures that were in place to protect users’ personal information leading up to the breach.
· Which security flaws may have contributed to the breach.
· Information about PowerSchool’s response and actions in the immediate aftermath of the breach.
· Steps PowerSchool has taken to address the cybersecurity failures that contributed to the data breach and strengthen data protection methods.
· PowerSchool’s work to communicate with and assist consumers affected by the breach.
PowerSchool sells software products used by schools across the country, including public schools across North Carolina. In December 2024, a hacker gained access to that software, potentially exposing Social Security numbers, addresses, names of minors, and medical and disciplinary information. The breach impacted more than 62 million people across the country. PowerSchool later paid a ransom to the hacker to delete the information that was stolen, but a hacker then tried to extort North Carolina public school districts again.
Earlier this year, the U.S. Department of Justice charged 19-year-old Massachusetts college student Matthew Lane with hacking PowerSchool’s system and facilitating the 2024 data breach. Lane entered a plea deal with the federal government in May. Lane pleaded guilty to cyber extortion conspiracy, cyber extortion, unauthorized access to protected computers, and aggravated identity theft.