PowerSchool Breach Notice

Dear Burke County Public School Families,

We want to make you aware of a recent update related to the PowerSchool data breach that was originally reported in January of this year. This morning, several school and North Carolina Department of Public Instruction (NCDPI) employees across the state received messages from threat actors claiming to have access to student and teacher data from that breach. We have been informed that several Canadian school districts have received similar messages as well.
Based on the current status of our investigation, we believe that the threat actors have access to the same data tables that were originally compromised. These data tables include student and staff names, contact information, social security numbers (limited student social security numbers), birthdays, medical notes, passwords (limited) and parent/guardian information. 

NCDPI has already notified appropriate law enforcement agencies, who are actively investigating this incident.

We want to assure you that Burke County Public Schools and NCDPI have done everything possible to protect this information. PowerSchool, the vendor responsible for the incident, has taken full responsibility for the breach and is providing support services for those impacted.

What You Need to Know:

• Please do not open any suspicious links or emails related to this incident.
• Do not engage with anyone claiming to have this data.
• PowerSchool is offering two years of free identity protection and credit monitoring to all affected students and educators through July 1, 2025. NCDPI is advocating for this window to be extended further to ensure everyone has time to enroll. Affected individuals can enroll in identity protection and credit monitoring at no cost to themselves here. Services include:
  • Two years of complimentary identity protection for all students and educators affected
  • Two years of complimentary credit monitoring for all adult students and educators affected
  • These services are available regardless of whether an individual's Social Security number was compromised.
• Additional protection: Impacted users can freeze their identity for free through the North Carolina Department of Justice.

As we continue to work through this incident, we are committed to supporting students, families and staff with transparency and care. 

Sincerely,

BCPS

To: Parents and Guardians
From: BCPS
Subject: PowerSchool Cybersecurity Update Dear BCPS Families,

We are writing to update you regarding the recent cybersecurity incident involving PowerSchool, the software vendor that provides our Student Information System (SIS).

On Wednesday, Jan. 29, 2025, PowerSchool initiated the process of notifying individuals whose information was determined to be involved.

As previously mentioned, PowerSchool has engaged Experian, a trusted credit reporting agency, to provide complimentary identity protection and credit monitoring services to current and former students and educators that had information exfiltrated from PowerSchool SIS. PowerSchool is doing this regardless of whether an individual’s Social Security Number was exfiltrated. In the coming weeks, Experian (on behalf of PowerSchool) will be distributing direct email notifications to involved individuals (or their parent/guardian, as applicable) for whom PowerSchool has sufficient contact information.

Additionally, PowerSchool has worked with Experian to set up a dedicated, toll-free call center to answer any questions associated with these offerings and the incident. All the information regarding the activation of and access to these services will be included in the email sent to you by Experian. Whether or not you receive an email, you may also visit PowerSchool’s website to learn how to activate the offering from Experian, linked here: http://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/.

Protecting our students and teachers remains our top priority. Thank you again for all of your support and understanding during this time.

Sincerely,
BCPS

RE: An Update from Burke County Public Schools on the PowerSchool Cybersecurity Incident 

Dear Burke County Public Schools families,

As we previously communicated on Jan. 10, 2025, PowerSchool – a cloud-based software vendor formerly used by Burke County Public Schools – experienced a cybersecurity incident in December 2024 involving unauthorized access to certain information in the PowerSchool Student Information System. 

We continue to work with PowerSchool and receive updates on exactly how many BCPS students and staff members are impacted. While BCPS no longer uses PowerSchool, it retained student and staff information collected before our transition to Infinite Campus on July 1, 2024. 

As soon as PowerSchool learned of the incident, they engaged cybersecurity response protocols and mobilized their senior leadership as well as third-party cybersecurity experts to conduct a forensic investigation of the scope of the incident and to monitor for signs of information misuse. PowerSchool is not aware of any identity theft attributable to this incident. 

PowerSchool has shared the following next steps:

• Notification to Individuals Involved: Starting in the next few weeks, in collaboration with Experian, PowerSchool will provide notice to students (or their parents / guardians if the student is under 18) and educators whose information was involved, as well as a phone number to answer any questions you may have about the incident. The notice will include the identity protection and credit monitoring services offer (as applicable). 

• Identity Protection and Credit Monitoring Services: Experian will offer two years of complimentary identity protection services for all students and educators whose information in PowerSchool was involved. This offer will also include two years of complimentary credit monitoring services for all adult students and educators whose information was involved. 

In the meantime, we encourage you to visit https://www.powerschool.com/security/sis-incident/ for up-to-date information on the cybersecurity incident. We care deeply about the welfare of our BCPS families and will continue to do everything we can to support you. Thank you for the important role you play in our community and your shared commitment to putting our students first. 

Sincerely,

Burke County Public Schools

 

Hello Burke County Public Schools Families, 

This is a courtesy notification to inform you that the North Carolina Department of Public Instruction (NCDPI) informed Burke County Public Schools of a cybersecurity incident that occurred in the PowerSchool Student Information System in December 2024. The incident impacted school systems nationwide, including many in North Carolina. 

Since being notified, Burke County Public Schools has been working to gather additional information, and will continue working withNCDPI to keep you updated. According to NCDPI, the incident is contained, but may have affected database information involving Burke County Public Schools students and staff.

PowerSchool contractor credentials were compromised which led to the data breach. Burke County Public Schools does not own or maintain the security of the NCDPI PowerSchool instance and has not used PowerSchool as our student information system since July 1, 2024; however, PowerSchool retained student and staff information collected before our transition to Infinite Campus. While there is nothing that could have been done by the impacted public school units to prevent this, we want to assure you Burke County Public Schools has measures in place to protect the security and privacy of data.

We will continue to work to gather additional details on what PowerSchool database information may have been accessed, and share any further steps those involved may need to take.

If you were directly impacted by the incident, you will receive direct notification from PowerSchool. 

Thank you, 

BCPS