State attorney general's office investigating school software breach
RALEIGH, N.C. (WTVD) -- The state Attorney General's office is investigating a major data breach impacting millions of North Carolina families.
PowerSchool, a software company that works with public schools across North Carolina, had a security breach in mid-December. The Attorney General estimates the breach impacts around four million people in North Carolina, including students and teachers.
"It's where all our grades are stored, that's where you can go check them for the quarter," said Nora Snowden, a freshman at Enloe High School.
Across the country and in North Carolina, hackers were able to potentially access personal data like social security numbers, names, addresses, and medical information in some cases.
Attorney General Jeff Jackson told ABC11 there is no lawsuit on the table right now. Still, they're working to investigate the company to find out what they were doing before the breach to protect peoples' data and privacy.
"North Carolina has a pretty well-established history of using the law to protect people's data and hold people who breach that data accountable. We were a main participant in the Equifax lawsuit from several years ago. So these are new threats and evolving threats. But our law is here to hold folks accountable," Jackson said.
In a statement posted to their website, PowerSchool said "As soon as we learned of the incident, we immediately engaged our cybersecurity response protocols and mobilized a cross-functional response team, including senior leadership and third-party cybersecurity experts."
They're also working to make credit monitoring available to people who need it. But North Carolina's Department of Public Instruction is ready to make some changes.
"I will have to say we take data privacy and protection very seriously and incredibly disappointed that our vendor had this happen," said Chief Information Officer Vanessa Wrenn.
The department is in the process of switching our state's public schools to another platform called Infinite Campus, and are also working to make sure none of the data gets into the wrong hands..
RELATED | Students' and teachers' information accessed in data breach of PowerSchool system at WCPSS
"We were also assured that all law enforcement agencies were monitoring the dark web to look for any indications that this data has been made available. And to date, we've not had any indication of that," Wrenn said.
They're also urging parents to be smart online.
"As careful as parents are about their own data, that's how careful they need to be on behalf of their kids. One quick piece of advice for everybody. Don't repeat passwords," Jackson said.
A lesson students are now having to learn from a young age.
"My parents are definitely big on that then, they taught me not to use the password, don't store all your password in one place," Snowden said.
If you're concerned your child's data was impacted, you can sign up for credit monitoring. The State Department of Public Instruction said another thing you can do it lock your child's social security number. It prevents anyone from using it to apply for jobs, credit cards, or change any personal information.
The State Department of Justice has information on how to do that on their website.
ALSO SEE: NC State's Moraja raising awareness, creating inspiration for athletes with diabetes
