Update: Student and Teacher Data Was Breached in PowerSchool Hack, Say CCS, WCS

After originally saying no data of Columbus County Schools was leaked in a nationwide hack of PowerSchool, the county school system as well as Whiteville City Schools now say data from each district was leaked in the attack.

Columbus County Schools’ statement, released on Monday, January 13th:

On Tuesday afternoon, January 7th, PowerSchool informed North Carolina public schools and the North Carolina Department of Public Instruction (NCDPI) about a cybersecurity incident affecting student and teacher data across its global client base. Using compromised credentials, actors were able to download large amounts of teacher and student data. This issue is not unique to North Carolina, and affected many districts across the country.

The information coming from PowerSchool initially indicated that Columbus County Schools was not part of the breached dataset. We released a statement to that effect on Thursday, January 9th. On Friday, January 10th, at approximately 9 PM, we were notified that we are part of the data breach by NCDPI. When asked about the change in status, NCDPI stated: “We have received conflicting information from PowerSchool and therefore conducted our own verification with the help of the NCLGISA (North Carolina Local Government Information Systems Association) Strike Team.”

According to PowerSchool, the breach has been contained, and the compromised data was neither shared nor retained, as it has been destroyed. Additionally, PowerSchool is actively collaborating with law enforcement to monitor for any data exposure on the dark web. Our district, along with NCDPI, is working closely with PowerSchool to ensure all required notifications are completed, and the extent of the data breach is shared with the affected parties. It is important to emphasize that this cybersecurity incident was beyond the control of Columbus County Schools and NCDPI. Neither our schools nor NCDPI had administrative access to the specific system area where the breach occurred, nor had responsibility for maintaining system security.

In the coming days, affected students and staff will receive direct notification. Protecting the privacy and security of student and educator data remains a top priority, and we are committed to advocating for all those impacted as we address this issue with PowerSchool.

Please reach out to the superintendent’s office if you have any questions or concerns.

Sincerely,

Jesse E. Beck, II
Superintendent

Whiteville City Schools statement:

On the afternoon of Tuesday, January 7, PowerSchool alerted North Carolina public schools and the North Carolina Department of Public Instruction (NCDPI) to a cybersecurity incident impacting student and teacher data across their global client base. This incident was not isolated to North Carolina. PowerSchool is a student information system (SIS) that has been in use in North Carolina since 2013. Whiteville City Schools transitioned to the new SIS system Infinite Campus July 1, 2024; therefore, the information remaining in PowerSchool should be very limited for our system. Around 9 pm on Friday, January 10, 2025, Whiteville City Schools was notified with confirmation our data was in fact compromised.

On December 28, 2024, PowerSchool became aware of a cybersecurity incident that began on December 19, 2024, involving unauthorized access to student and teacher data. The data breach occurred when the credentials of a PowerSchool contract employee were compromised. PowerSchool has shared that the threat has been contained and that the compromised data was not shared and has been destroyed. PowerSchool is working with law enforcement to monitor the dark web for any data exposure.

PowerSchool has indicated that it is not experiencing any operational disruptions and continues to provide services.

Whiteville City Schools will work alongside NCDPI and PowerSchool to ensure that all required notifications are conducted.

It is important to stress that there is nothing that Whiteville City Schools or NCDPI could have done to avoid this cybersecurity incident. Neither our schools nor DPI have administrative access to the maintenance tunnel where the breach occurred.

In the coming days, impacted students and staff will receive notification. Protecting student and educator data is a top priority, and we are taking this matter very seriously. NCDPI is committed to protecting our students and staff, and they are actively advocating for each of them as we navigate this situation with PowerSchool.

Thank you for your support. We will continue to update everyone when necessary, but if you have any questions or concerns please feel free to reach out to Dr. Jonathan Williams or Morgan F. Norris at Whiteville City Schools Central Services.

Original story: January 9th, 2025

PowerSchool, an online client used nationwide for housing student data and grades, was hacked in a cybersecurity incident that took place at the end of December. PowerSchool announced this week that many school districts had data that was leaked. Columbus County Schools confirmed Thursday that no data was leaked from Columbus County Schools in the hack.

“On the afternoon of Tuesday, January 7th, PowerSchool informed North Carolina public schools, including Columbus County Schools, of a cybersecurity incident that impacted student and teacher data across PowerSchool’s global client base. This incident was not limited to North Carolina, but affected school districts across the country.

PowerSchool, a student information system (SIS) used in North Carolina since 2013, became aware on December 28, 2024, of unauthorized access to student and teacher data that began on December 19, 2024. The breach occurred when the credentials of a PowerSchool contract employee were compromised. PowerSchool has confirmed that the threat has been contained, the compromised data was not shared, and the data has been destroyed. Additionally, PowerSchool is collaborating with law enforcement to monitor the dark web for any potential exposure of this information.

Columbus County Schools has also investigated the situation and determined that no student data was downloaded from our PowerSchool instance, so there is no concern for our stakeholders, and Columbus County Schools was not included in the data that was breached.

Please reach out to the superintendent’s office if you have any questions.”

Statement via Columbus County Schools.
