North Carolina school districts are grappling with extortion threats following a significant data breach involving PowerSchool that occurred in December 2024, compromising sensitive information of students and teachers.

The breach has led to the exposure of personal data, including names, contact details, birth dates, Social Security numbers, and some medical alerts.

In response to the breach, PowerSchool disclosed that it paid a ransom to the hacker and received a video purportedly showing the deletion of the stolen data, although experts remain skeptical of such claims.

The North Carolina Department of Public Instruction (NCDPI) has notified law enforcement, which is currently investigating the incident.

State Attorney General Jeff Jackson is also investigating the breach, which has affected nearly 4 million residents across the state.

NCDPI is working closely with affected districts to assess the situation and respond effectively, urging individuals to report any suspicious communications related to the breach.

Officials are advising anyone who suspects their data may be compromised to report it immediately and to monitor for unusual activity.

Overall, the situation underscores broader challenges in the K-12 sector regarding data security and the need for immediate action to safeguard student information.

To mitigate the impact of the breach, PowerSchool is offering two years of free identity protection and credit monitoring services to those affected, although many parents feel this is insufficient.

Green, the NCDPI Superintendent, emphasized that the department will not engage with ransom demands, adhering to legal prohibitions against such actions.

This incident highlights the urgent need for enhanced cybersecurity measures in schools to protect sensitive student information.

There is uncertainty regarding whether the same attackers from the previous breach are involved in the current ransom attempts, as indicated by NCDPI officials.