PS Data Breach Image

Important Alert: Update on PowerSchool Data Breach and Ongoing Threat Activity

Terrie Holshouser

May 7, 2025

Subject: Important Alert: Update on PowerSchool Data Breach and Ongoing Threat Activity

Date: May 7, 2025

Dear Families, Staff, and Community Members,

We want to inform you about an important update regarding the previously reported PowerSchool Student Information System (SIS) data breach that occurred in January 2025.

This morning, threat actors contacted several public school employees and staff members at the North Carolina Department of Public Instruction (NCDPI), claiming to possess student and teacher records associated with that original breach. Similar outreach has also been reported by other PowerSchool SIS customers across the country.

At this time, the investigation indicates that the threat actors may have accessed the same data tables that were initially compromised. These tables include sensitive information such as:

  • Names of students and staff

  • Contact information

  • Birthdates

  • Limited student Social Security numbers

  • Medical notes

  • Limited passwords

  • Parent/guardian details

NCDPI has notified the appropriate law enforcement agencies, who are now actively investigating the incident.

What to Do If You Are Contacted by Threat Actors

If you receive an email or message related to this incident:

  • Do NOT click any links included in the message

  • Do NOT reply or engage with the sender

  • Do NOT pay any ransom or comply with any demands
    (North Carolina law N.C.G.S. 143-800 prohibits engaging with threat actors or making ransom payments)

  • Immediately report the message using this Cybersecurity Incident Notification Form

Important Reminder

PowerSchool has accepted full responsibility for the January 2025 breach. According to current findings, this latest threat activity stems from that same incident. There was no action NCDPI or individual school districts could have taken to prevent this event.

Free Identity Protection Services Available

To support those affected, PowerSchool is offering complimentary identity protection and credit monitoring services. The deadline to enroll has been extended to July 1, 2025, and NCDPI is advocating for an even longer window.

What’s Included:

  • 2 years of free identity protection for all impacted students and educators

  • 2 years of free credit monitoring for all affected adult students and staff

  • Available regardless of whether Social Security numbers were compromised

To enroll in these services, please visit: Enroll in Protection Services

Additionally, individuals may place a free credit freeze through the North Carolina Department of Justice.

We understand the concern this incident may cause and remain committed to keeping our school community informed and protected. Please monitor your email and our district website for any further updates.

Sincerely,

Lexington City Schools