Wake up call for parents after North Carolina student data compromised in breach

WILMINGTON, N.C. (WECT) – Student names, birthdates, school grades, test scores and more could be compromised due to a statewide data breach of a private software company called PowerSchool.

The company is a hub for essential data on students, teachers, and staff in North Carolina Public Schools.

The State Department of Public Instruction says hackers compromised the credentials of a contract employee to access the data.

The state says PowerSchool is still looking into what information the hackers accessed.

We know tonight the state notified Pender County Schools that none of the system’s data was included in this breach. Administrators at other school systems say they were told they do not need to take any technical steps right now because of the breach.

Parents can take steps to protect their child’s private information at home.

If you suspect your child’s information has been used, check to see if they have a credit report.

Children under 18 years old typically don’t have credit reports. Some may have a credit report if they’re authorized users on their parent’s credit card, it could be due to an error from a Credit Agency, and lastly, it could be someone using their identity,

Thieves typically target children’s social security numbers because they have no credit blemishes and the fraudulent activity may go unchecked for years because they typically wouldn’t need credit.

A cybercrime expert believes hackers, in this case, might not have been targeting children.

“The hackers targeted weak systems. There is the mechanism by which these groups identify their targets and it’s always the slowest Zebra in the herd”, says Terry Rankhorn, Cybersecurity expert and founder of Rankhorn Associates.

Rankhorn says they didn’t target children because they don’t have too many assets to utilize, they targeted a weak spot in a system, in this case, PowerSchool. It’s called ransomware attacks. He says the data would only be deleted based on the word of the hackers. And there is nothing stopping them from asking for more ransom after getting rid of data.

Rankhorn does describe what hackers could do with your child’s information.

“You just can’t walk into a bank and make up a name and social security number and open a bank account. What you can do is open a bank account with real information from real people. Likely that’s what they’d be doing, in conjunction with the fact, they can use your personal details when they’re arrested so they can obscure their identity and be released”, says Rankhorn.

Rankhorn says students, parents, and teachers could be victims of zero-fault victimization because they needed to give information and it wasn’t properly protected.

Here’s what parents can do to help their children:

1. Check their credit report, if there is anything unusual, contact the credit bureau immediately.

2. Consider buying a credit monitoring product, that will track their reports, allow you to freeze their credit, and send you alerts. It’s important to know credit monitoring products cost a monthly fee.

Several Public Schools in our area have shared a statement regarding the data breach.

Pender County:

“Pender County Schools has received confirmation from PowerSchool that we were not impacted by the recent data breach involving their platform. According to an email from PowerSchool Communications, their forensic investigation determined that the incident did not affect any information related to our district.”

Brunswick County:

“The North Carolina Department of Public Instruction has informed all school districts that no immediate technical actions are required. NCDPI is collaborating with PowerSchool to identify the affected instances and determine which data fields were compromised. PowerSchool will also continue to provide communication materials for parents and the community.”

New Hanover County:

“Dear Parents and Guardians,

I hope this message finds you well. I want to share some important information about our student information system (SIS). Recently, the North Carolina Department of Public Instruction (DPI) informed us of a data breach involving PowerSchool, the company that manages our SIS data. PowerSchool serves as the official student information system for all public and charter schools across North Carolina, storing and managing critical information about students, staff, and families.

We understand this news may cause concern. While we are still gathering details about the breach, we have been informed that the incident was caused by administrative tools to which only PowerSchool has access. It is important to note that no actions by DPI or individual schools could have prevented this incident.

We are actively working with DPI and PowerSchool to assess the full extent of this nationwide breach and to identify any necessary steps to safeguard our community’s information.

The safety, privacy, and well-being of our students, staff, and families remain our highest priorities. We are committed to transparency and will provide updates as soon as additional information becomes available.

Thank you for your understanding, trust, and patience as we navigate this situation.

Sincerely, Christopher R. Barnes, Ed.D. Interim Superintendent New Hanover County Schools”

We will continue to follow this story for any more updates.

Copyright 2025 WECT. All rights reserved.