PowerSchool data breach on North Carolina Piedmont-Triad

A global student information provider is informing hundreds of thousands of people across North Carolina that their personal information may have been impacted by a December 2024 data breach.In January, PowerSchool notified school districts that an unauthorized party obtained student and staff information stored in the system. This included public school districts in the Piedmont-Triad. Get the latest news stories of interest by clicking here”Since our last update, we have initiated the process of notifying involved individuals in the U.S. about the resources now available to them,” reads a statement on the official PowerSchool website, posted on Jan. 29. “As part of this process, we have posted a notice to our website and published a press release. Credit monitoring and identity protection services are now activated and available.”On Feb. 5, the North Carolina Department of Public Instruction confirmed that the social security numbers of 910 students had been stolen as a result of the data breach. WXII reached out to the school systems in our area to learn if they’d been impacted and how many students or staff members’ information may have been compromised. Note: At the time of this article, we have reached out to the following school districts and are still awaiting a response: Alleghany County SchoolsDavidson County SchoolsWilkes County Schools Alamance-Burlington School SystemAn ABSS spokesperson did not have any specific numbers from the breach but gave the following statement: “PowerSchool has started contacting the staff and or families affected by the security breach directly. PowerSchool is sending messages directly, which include information about a complimentary two-year identity theft and credit monitoring service through Experian. We notified staff and families that if they were included, they will receive an email from PowerSchool with more information.”Davie County SchoolsA spokesperson with the district shared the following statement: “We have notified current staff and students several times via email about the PowerSchool security breach and provided a direct link to the PowerSchool website page to access continuously updated information on the incident. Regarding the total number of staff and students, NCDPI or PowerSchool would be able to provide those numbers, as they are handling notifications to those impacted.”Watch: NOWCAST streaming newscastsGuilford County SchoolsDistrict officials told WXII that NCDPI and PowerSchool are handling notifications for the data breach and would have the number of people impacted. They also shared the initial message that was sent by GCS to alert families and staff of the incident. In that message, officials noted that “It is important to stress that there is nothing that Guilford County Schools or NCDPI could have done to avoid or prevent this cybersecurity incident. Neither our schools nor NCDPI have administrative access to the maintenance tunnel where the breach occurred.” GCS also shared a hyperlink that would take families and staff to a page on the PowerSchool website, indicating “what the company is doing to help people in the wake of its breach.”Randolph County SchoolsRCS did not share any numbers regarding how many students and staff members’ information may have been impacted. WXII received the following statement from officials: “PowerSchool is handling all notifications of current and former staff members as well as current and former students who have been impacted by this situation. Our communications to staff members and parents have also been posted on the district website here or here.” Rockingham County SchoolsA spokesperson for the district said the number of current and former staff members impacted is “in the thousands” while current and former students impacted is in the “tens of thousands.” They advised WXII to contact NCDPI for the exact number of staff and students involved.An additional statement provided by RCS said the following: “On or about Jan. 9, 2025, we sent our first notification in the form of a letter to all current RCS families and current staff providing information available at the time. Additionally, on Feb. 3, 2025, we sent a follow-up informational email to all current staff with the updated information provided by PowerSchool. Additionally, RCS has posted information about the cybersecurity incident on our district website. Beginning this week, our staff are receiving emails from PowerSchool advising what occurred and the benefits provided by PowerSchool depending on if the individual is a minor or adult.” Keep up with the latest news and weather by downloading the WXII app hereStokes County SchoolsDr. Brad Rice, the district’s superintendent, said he had not had direct contact with PowerSchool, adding that the company had the first-hand information and he did not feel comfortable stating any details from second or third-hand reports of specifics.”We are posting updates from NCDPI and PowerSchool on our websites and social media as we receive them,” Rice said in a statement to WXII. “This includes information on how to receive credit monitoring. Please check there for the most up-to-date information.”Surry County SchoolsSurry County Schools officials shared did not provide numbers but shared that they had initially reached out to students, staff and families on Jan. 10, to make everyone aware of the data breach. A second message was also sent by the district on Jan. 16, with more details on the potential impacts of the breach. “The North Carolina Department of Public Instruction has confirmed that an unauthorized party accessed data from Surry County Schools as part of this incident,” read the statement. “This incident was not isolated to North Carolina, as schools across the globe were impacted. PowerSchool has assured us that the threat is now contained, the accessed data was not shared, and any potentially compromised information has been destroyed. PowerSchool has added additional security measures and confirmed that there is no ongoing unauthorized activity in their systems.”District officials went on to share that PowerSchool would notify all impacted individuals directly and offer credit monitoring services to affected adults and identity protection services to affected minors. They also shared student data may include “personal information, some medical details, and grades, depending on the district.” For staff, data may include “Social security numbers and other personal details.” Winston-Salem/Forsyth County SchoolsWS/FCS shared a statement with WXII 12 that reads in part:”Last month, the state of North Carolina’s student information system provider, PowerSchool, notified Winston-Salem/Forsyth County Schools that an unauthorized party gained access to student and staff information stored in the system. Based on PowerSchool’s analysis, an estimated 28,000 current and former WS/FCS staff members and 150,000 current and former students were impacted by this data breach.”WS/FCS officials said that social security numbers for about 16,000 staff members were stolen. They also encouraged any students and staff from 2014 to 2024 to review options for identity protection and credit monitoring provided by PowerSchool.Yadkin County Schools Superintendent Anthony Davis did not provide specific numbers but told WXII that PowerSchool has begun to notify impacted families and staff members via email. “We have strongly encouraged all students and staff to enroll in the two years of free Experian monitoring offered by PowerSchool,” he said before sharing details and sign-up instructions on the company’s website. NAVIGATE: Home | Weather | Watch NOWCAST TV | Local News | National | News We Love |

Source link