HCS Families,
Harnett County Schools has been made aware of a security breach involving PowerSchool, our former Student Information System (SIS) provider, in compliance with a statewide requirement from the North Carolina Department of Public Instruction. This information is being shared on behalf of PowerSchool and NCDPI to ensure our parents and staff are informed. Out of an abundance of caution, we want to ensure our community knows that personal information may have been affected while PowerSchool was in use.
On the afternoon of Tuesday, January 7, PowerSchool alerted North Carolina public schools and the North Carolina Department of Public Instruction (NCDPI) to a cybersecurity incident impacting student and teacher data across their global client base. This incident was not isolated to North Carolina. PowerSchool is a student information system (SIS) that has been in use in North Carolina since 2013.
On December 28, 2024, PowerSchool became aware of a cybersecurity incident that began on December 19, 2024, involving unauthorized access to student and teacher data. The data breach occurred when the credentials of a PowerSchool contract employee were compromised. PowerSchool has shared that the threat has been contained and that the compromised data was not shared and has been destroyed. PowerSchool is working with law enforcement to monitor the dark web for any data exposure.
Based on the information HCS received, personal information for students and staff was accessed. Personal identifiable data potentially accessed includes birthdates, addresses, phone numbers, gender, ethnicity, etc. PowerSchool and NCDPI have confirmed that no student Social Security Numbers (SSN) were accessed in this breach.
For additional details and answers to common questions about this incident, please refer to the FAQ: https://www.powerschool.com/security/sis-incident/.
Harnett County Schools will work alongside NCDPI and PowerSchool to ensure that all required notifications are received.
It is important to stress that there is nothing that Harnett County Schools or NCDPI could have done to avoid this cybersecurity incident. Neither our schools nor DPI have administrative access to the maintenance tunnel where the breach occurred.
In the coming days, impacted students and staff will receive PowerSchool notifications directly. While this breach involved a third-party vendor, Harnett County Schools remain dedicated to protecting the privacy and security of our staff and students. As a part of this commitment, we are taking the following steps:
Conducting a thorough review of our current data management practices and vendor security protocols.
Strengthening our cybersecurity measures and data governance policies.
Collaborating with NCDPI and industry experts to ensure stronger protections for all stored data.
We understand the seriousness of this incident and are committed to transparency and communication as we navigate this matter. Thank you for your patience and understanding as we continue to prioritize the security of your information.