About 50 department employees and 20 local education agencies received alarming messages from the cybercriminals. Officials are urging everyone to avoid engaging with the senders.
“Bad actors—especially those with criminal intent—are very skilled at data scraping, harvesting, and profiling individuals,” said Craig Petronella of Petronella Cybersecurity and Digital Forensics. With decades of experience, Petronella offered his insights into the latest breach involving contractor PowerSchool.
At a press conference, State Superintendent Mo Green provided further details.
“This morning, threat actors contacted several employees and public schools across North Carolina, including NCDPI, showing they had access to student and teacher records compromised during the school information system cybersecurity incident reported back in January,” said Green. “These individuals are now attempting to extort our public schools.”
PowerSchool clarified in a statement that this is not a new breach but involves the same data accessed last December.
“We know the data wasn’t destroyed and is still out there. Credit monitoring and identity theft protection are available—at no cost—to all current and former educators, students, and families. This service is open through July 31,” said Vanessa Wrenn of the Department of Public Instruction.
Wrenn confirmed North Carolina isn’t alone in this—states like Oregon and parts of Canada were also affected.
“I want to express my deepest regret to students, parents, teachers, and district staff impacted by this breach. We’re committed to protecting your personal information and preventing further compromise,” Green added.
In response to the breach, North Carolina will end its partnership with PowerSchool and adopt Infinite Campus, a newer, more comprehensive platform, starting in July.
ABC11 contacted the Attorney General’s office regarding possible legal action against PowerSchool or efforts to track the hackers. Officials stated the investigation launched in February is still ongoing.
Petronella noted that these investigations take time.
“It’s about collecting and analyzing evidence—understanding how the breach occurred. Was it a loophole, outdated software, or unencrypted data?” he explained.
Employees, students, and parents can still enroll in free credit monitoring via the NCDPI website. This helps prevent identity misuse, including fraudulent job applications, credit card openings, or changes to personal records.
