PowerSchool Cybersecurity Info and Resources
The following letter and locally-developed FAQ were shared with OCS Families on Tuesday, January 14, 2025:
OCS Families,
The PowerSchool Student Information System has been in use at all North Carolina public schools since 2013. On the afternoon of Tuesday, January 7, 2025, PowerSchool alerted the North Carolina Department of Public Instruction (NCDPI) to a cybersecurity incident impacting student and teacher data across their global client base. This incident was not isolated to North Carolina and impacted potentially millions of students and staff across the nation.
On December 28, 2024, PowerSchool became aware of a cybersecurity incident that began on December 19, 2024, involving unauthorized access to student and teacher data. The data breach occurred when the credentials of a PowerSchool contract employee were compromised. PowerSchool has shared that the threat has been contained and that the compromised data was not shared and has been destroyed. PowerSchool is working with law enforcement to monitor the dark web for any data exposure.
On the evening of January 10, 2025, we were notified that Onslow County Schools (OCS) student and teacher information was part of the data which was impacted by the breach. OCS has been made aware how many records have been impacted, what data may have been compromised, and the specific number of records involved. We have also been informed that no student social security numbers were included in the breach.
PowerSchool will be responsible for conducting all necessary notifications to ensure appropriate and accurate compliance with local, state and federal requirements and laws.
PowerSchool has confirmed that there were no actions that Onslow County Schools or NCDPI could have taken to prevent this cybersecurity incident. Neither our schools nor NCDPI have administrative access to PowerSchool’s internal administrative connection where the breach occurred.
Protecting student and educator data is a top priority, and we are taking this matter very seriously. OCS and NCDPI are committed to protecting our students and staff, and we are actively advocating for each of them as we navigate this incident.
Thank you for your support, and we will keep you updated as more information becomes available.
PowerSchool Data Breach: FAQs
1. What happened?
On December 19, 2024, a cybersecurity incident occurred at PowerSchool, the Student Information System used by all North Carolina public schools and many districts nationwide. This incident involved unauthorized access to student and teacher data due to compromised credentials of a PowerSchool contract employee.
2. How did the breach occur?
The data breach resulted from a compromised account belonging to a PowerSchool contract employee. Unauthorized individuals gained access using this employee's credentials, allowing them to access sensitive data.
3. What information was affected?
The specific data impacted is still under investigation by PowerSchool. Onslow County Schools has received confirmation regarding the types of data and the number of records involved. Both student and teacher data were compromised, but we have been informed that the breach included no student social security numbers.
4. Was this breach isolated to Onslow County Schools?
No. The breach impacted PowerSchool's global client base, potentially affecting millions of students and staff across the nation. Onslow County Schools is just one of many districts involved.
5. What is PowerSchool doing about the breach?
PowerSchool has taken steps to contain the threat and confirmed that the compromised data was not shared and has been destroyed. They are actively working with law enforcement to monitor the dark web for any signs of data exposure. PowerSchool is also conducting a thorough investigation to determine the extent of the breach and will notify affected individuals in compliance with applicable laws.
6. Could Onslow County Schools have prevented this incident?
PowerSchool has stated that neither Onslow County Schools nor the North Carolina Department of Public Instruction could have prevented the breach. The incident occurred within PowerSchool's internal administrative connection, an area where neither the school district nor NCDPI have administrative access.
7. What is Onslow County Schools doing to protect student and teacher data?
Onslow County Schools is committed to protecting student and staff data and is taking this matter very seriously. We are working closely with PowerSchool and the NCDPI to address the situation and ensure appropriate actions are taken. The district will continue to update families as more information becomes available.
8. What should I do if I'm concerned about my child's information?
Stay informed by checking for updates from Onslow County Schools and PowerSchool. You can also monitor your child's accounts for any suspicious activity.