The December 2024 breach exposed personal information of more than 62.4 million students and teachers nationwide, including nearly 4 million in North Carolina.
RALEIGH, N.C. โ North Carolina Attorney General Jeff Jackson has launched an investigation into a massive PowerSchool data breach that exposed the personal information of nearly 4 million North Carolina residents, his office announced Thursday.
The December 2024 breach allowed hackers to access the sensitive data of more than 62.4 million students and teachers nationwide through PowerSchool’s educational software platform. That system is used by public schools across all 100 North Carolina counties. Compromised information included Social Security numbers, addresses, names of minors, as well as medical and disciplinary records.
โIโm a parent who uses PowerSchool, so I know what millions of North Carolina families are concerned about with this data breach,โ Jackson said.
The incident contributes to a record-breaking year for data breaches in North Carolina. In 2024, the state Department of Justice received 2,258 breach reports from businesses, hospitals, government agencies, and other organizations. These security incidents affected approximately 6.7 million North Carolina residents.
โIโm investigating PowerSchool to determine if they broke any laws in this process, and Iโll take additional legal action if necessary,” Jackson said. “Weโll continue working to guard our state from data breaches and hold those who fail to properly protect information accountable.โย
PowerSchool provides educational software products to schools throughout the United States. The company’s breach represents one of the largest exposures of student data in recent history.
Last month, Charlotte-Mecklenburg Schools said neither it nor NC Department of Public Instruction had a breach of in-house data. However, the district said it’s unsure what specific data from PowerSchool was compromised. CMS is working alongside state education officials to ensure all required notifications are conducted as part of the investigation.ย
In a statement, CMS said the data breach was out of its control and couldn’t have prevented it from happening.ย
“It is important to stress that there is nothing that Charlotte-Mecklenburg Schools or NCDPI could have done to avoid this cybersecurity incident,” the district’s statement reads in part. “Neither our schools nor NCDPI have administrative access to the maintenance tunnel where the breach occurred.”ย
The South Carolina Department of Education is also monitoring the breach, saying in January that all but four districts statewide were impacted. The districts not impacted were Edgefield County School District, Greenville County Schools, Horry County Schools and Richland School District Two, indicating districts in the Charlotte area had information accessed.
About The Author
