On January 7, 2025, PowerSchool reported that its student information system had been breached, which affected North Carolina Public Schools students and educators, as well as schools around the world that utilize PowerSchool. For more information from PowerSchool about the breach and its response, please click on the following documents:
PowerSchool SIS Customer Letter & PowerSchool Fact Sheet on Next Steps
Additional FAQs for PowerSchool Cybersecurity Incident for North Carolina
Since the breach was reported, Wayne County Public Schools (WCPS) has learned the full scope of what the global data breach means locally. Essentially, tens of thousands of data fields were exposed in the breach, affecting all WCPS students, educators, administrators, and other professional staff dating back to the state’s adoption of PowerSchool in 2013 and up to the school district's movement to Infinite Campus student information system at the beginning of the 2024-2025 school year..
While WCPS student social security numbers were not exposed in the breach, student data fields that were compromised include:
Names of students, parents/guardians
Physical address
Mailing address
Date of birth
Gender and Ethnicity
Student Identification Number
Email address and phone numbers of parent/guardian
Emergency contact information
Limited medical alert information
Social security numbers were exposed for North Carolina public schools educators who have or who had PowerSchool accounts. Other types of data fields that were compromised include:
Name
Street address
Home phone number
Email addresses
PowerSchool confirmed that the breach was conducted by threat actors who held the data hostage in return for a ransom. The data breach occurred when the credentials of a PowerSchool contract employee were compromised. PowerSchool reported that the threat was contained and that the compromised data was not shared and has been destroyed. PowerSchool is working with law enforcement to monitor the dark web for any data exposure.
PowerSchool currently advises that there is no evidence that credit card or banking information was involved. Additionally, PowerSchool has confirmed that there were no actions that Wayne County Public Schools or the North Carolina Department of Public Instruction could have taken to prevent this cybersecurity incident.
Impacted families and staff will receive a notification email from PowerSchool in the coming weeks with the offer of:
Identity protection: PowerSchool will be offering 2 years of complimentary identity protection services for all students and educators whose information was involved.
Credit monitoring: PowerSchool will also be offering 2 years of complimentary credit monitoring services for all adult students and educators whose information was involved.
Credit monitoring agencies do not offer credit monitoring services for individuals under the age of 18. If a parent/guardian enrolls an individual under the age of 18 in the offered identity protection services, the individual, upon turning 18, will have the opportunity to enroll in credit monitoring services for the duration of the 2-year coverage period.
WCPS would like to remind school employees, parents, and students that additional bad actors may try to take advantage of confusion caused by this incident. PowerSchool advises that it will never contact individuals by phone or email to request personal or account information and that anyone trying to do so is likely to be a scammer.
Notices will be provided by PowerSchool to each individual affected and will include a description of the categories of personal information that was compromised and the identity protection monitoring services that will be offered. Experian will also be providing a call center to answer questions.
Separate and apart from these services that are being provided by PowerSchool, any individuals impacted should be urged to take precautionary steps to avoid identify theft, including the following:
Review your financial statements and accounts for any suspicious activity.
Stop identity thieves from getting new credit in your name by placing a security freeze on your credit. Contact the Credit Bureaus to request a security freeze:
o Equifax: 1-800-349-9960
o Experian: 1-888-397-3742
o TransUnion: 1-888-909-8872
Individuals can get a special Protected Consumer security freeze to help protect a child against identity theft.
Continue to review your credit reports every few months. Your private information released in the security breach may not be used immediately. To get your free report, go to
www.annualcreditreport.com or call 1-877-322-8228.
In the event it is needed, staff, students, parents, or guardians can also contact the North Carolina Department of Justice for assistance with a security freeze: https://ncdoj.gov/protecting-consumers/protecting-your-identity/free-security-freeze/.