Skip to main content
District
  1. All District Departments
  2. Evaluation, Research, & Accountability Services
  3. PowerSchool Data Breach Information

PowerSchool Data Breach Information

February 2025 Update

Cabarrus County Schools places great importance on safeguarding the privacy and confidentiality of its students and staff. As part of this commitment, we will promptly inform you if we have reason to believe that the security of your information may have been compromised.  In January 2025, PowerSchool notified the North Carolina Department of Public Instruction (NCDPI) and North Carolina public schools about a cybersecurity incident that impacted student and teacher and staff data across their global client base via the PowerSchool Student Information System (SIS). This incident was not isolated to North Carolina. PowerSchool has shared that all impacted data has been contained and destroyed, and PowerSchool is working alongside law enforcement to monitor the dark web for any activity involving exposed data.  Cabarrus County Schools has confirmed that CCS student and staff information was included in this breach, and this email provides some additional information on next steps being taken by PowerSchool related to this incident.

PowerSchool has begun the process of filing state attorneys general notifications across applicable U.S. jurisdictions on behalf of its customers.  As of early February 2025, PowerSchool will begin providing formal legal notice of the cybersecurity incident to current and former students (or their parents/guardians as applicable) and educators whose information was determined to be involved.   

Identity and Credit Monitoring

  • A direct email notification will be distributed by Experian on behalf of PowerSchool in the coming weeks to applicable current and former students (or their parents/guardians as applicable) and educators for whom PowerSchool has sufficient contact information. This email sender will be Ps-sis-incident@mail.csid.com.  The email notice will include further information about the information of theirs involved and the resources PowerSchool is offering. 
  • PowerSchool has coordinated with Experian to set up a toll-free call center for families and educators in case they have questions about these offerings: 833-918-9464

Additional Resources

PowerSchool has launched a website and distributed a media release to ensure they reach as many involved individuals as possible and provide them with resources to protect their information. The following two websites provide additional information. 

  • PowerSchool Breach Information
    • Background on the data breach
    • Enrollment information in complimentary identity protection services to students and educators whose information was involved.  The website indicates that enrollment is required by May 30, 2025.
    • FAQ Document for Families
    • FAQ Document for Educators
  • DPI PowerSchool SIS Incident Website

Keep in mind that this data breach occurred within PowerSchool and was not limited to Cabarrus County Schools or even North Carolina   If you have questions specific to Cabarrus County Schools, please reach out to info@cabarrus.k12.nc.us.  

 

 

 

January 2025 Update

Background of PowerSchool Data Breach:

On the afternoon of Tuesday, January 7, PowerSchool alerted North Carolina public schools and the North Carolina Department of Public Instruction (NCDPI) to a cybersecurity incident impacting student and teacher data across their global client base. This incident was not isolated to North Carolina; it impacted PowerSchool clients globally. PowerSchool is a student information system (SIS) that has been in use in North Carolina since 2013. 

On December 28, 2024, PowerSchool became aware of a cybersecurity incident involving unauthorized access to student and teacher data. The data breach occurred when the credentials of a PowerSchool contract employee were compromised. The threat actors used the compromised account to download student and staff data tables from schools around the world.

PowerSchool has shared that the threat has been contained and that the compromised data was not shared and has been destroyed. PowerSchool is working with law enforcement to monitor the dark web for any data exposure.

As the party responsible for the breach, PowerSchool will conduct all necessary notifications once the investigation is completed to ensure appropriate and accurate compliance with local, state and federal requirements and laws. PowerSchool has informed all impacted Public School Units (PSU). All PSUs that currently or previously utilized the PowerSchool SIS were impacted by the data breach to some degree. A limited number of student social security numbers were exposed, specifically less than 1,000 students’ social security numbers were in the data from the 12 years PowerSchool administered North Carolina’s  student information system. More teachers’ social security numbers were impacted than students. PowerSchool is analyzing the data and has shared that they plan to begin the notification process by the end of January.

Both PowerSchool and independent security consultants have also confirmed that there were no actions that NCDPI or any PSU could have taken to prevent this global cybersecurity incident.