Special to IFN

RALEIGH – N.C. Attorney General Jeff Jackson on Thursday announced that he is investigating the recent PowerSchool data breach that impacted more than 62.4 million current and former students and teachers across the country, including nearly 4 million people in North Carolina.

“I’m a parent who uses PowerSchool, so I know what millions of North Carolina families are concerned about with this data breach,” Jackson said. “I’m investigating PowerSchool to determine if they broke any laws in this process, and I’ll take additional legal action if necessary. We’ll continue working to guard our state from data breaches and hold those who fail to properly protect information accountable.”

PowerSchool sells software products used by schools across the country, including all the public schools in all 100 counties in North Carolina. In December 2024, a hacker gained access to that software, potentially exposing Social Security numbers, addresses, names of minors, and medical and disciplinary information.

In North Carolina, businesses and organizations that fall victim to a data breach are required to report the breach and the information that was compromised to the North Carolina Department of Justice. In 2024, more than 2,258 businesses, hospitals, government agencies, and other organizations reported data breaches to the North Carolina Department of Justice – the most in state history. These breaches affected a record-breaking nearly 6.7 million North Carolinians. More about data breaches in North Carolina in 2024 is available HERE.

Here are helpful tips on how to protect your devices and networks from data breaches:

♦ When you update antivirus and security software, don’t just do it on your laptop. Also look at updates for your smart phone, smart watch, your TV, your tablet, and smart speakers.

♦ Don’t open emails, click links, or download attachments from unverified senders.

♦ Take a close look at emails before you click on links or download attachments. If something seems off – the sender’s email address, uncharacteristic spelling errors, a strange time of day to be receiving an email, or an unexpected email altogether – send it to your IT department or reach out to the sender directly to ask them. It is always better to be safe than sorry.

♦ Use strong passwords and update them regularly.

♦ Use different passwords for your various accounts and websites so if one is compromised, it won’t give someone access to other accounts.

♦ Double-check who you’re sending information to and what you’re sending – never send more than what is necessary.

♦ Sign out of accounts and clear saved passwords, especially if you share a device with others, including your family members.

♦ If you have confidential data in your office or workstation, make sure it’s secure when you step away or leave for the day.

♦ Make sure you secure your data and devices. If you can, add tracking to your devices so you know where they are even if they get lost or stolen.

♦ If something is lost or stolen, tell your IT team immediately. Even if it turns up later, your IT team may be able to take action to protect or wipe any confidential data on the device.

♦ Limit who has access to confidential data and what devices it’s stored on. The fewer storage locations for that data, the lower the risk that it’s stolen.

♦ Don’t use public Wi-Fi to make purchases, access your bank accounts, or log into any websites that have personal information. Public Wi-Fi networks are not secure, so they’re much more susceptible to hackers.

♦ Have a plan in place for how you or your organization will respond to a ransomware attack. Make sure to include a plan on how to properly notify employees, customers, or other people whose data you store.

♦ If you believe you may have been the victim of a hack, request a free security freeze, contact our office, and monitor your credit report and bank accounts for errors and irregularities.

LEARN MORE

To learn more, visit www.ncdoj.gov/securityfreeze.

Leave a Reply