Richmond County Schools was informed on the evening of January 10, 2025 that local student and staff data was impacted by a global cybersecurity incident involving PowerSchool.

PowerSchool, a student information system (SIS), became aware of the breach on December 28, 2024, which began on December 19, 2024. The incident involved unauthorized access to student and teacher data across PowerSchool’s global client base. On January 7, 2025 PowerSchool alerted North Carolina public schools and the North Carolina Department of Public Instruction (NCDPI) about the breach. This incident was not limited to North Carolina.

Richmond County Schools transitioned from PowerSchool to Infinite Campus, another SIS, for the current school year. The breach occurred when a PowerSchool contract employee's credentials were compromised. PowerSchool has reported that the threat has been contained, the compromised data was not shared, and it has since been destroyed. The company is working with law enforcement to monitor the dark web for any signs of exposure.

It is important to note that neither Richmond County Schools nor NCDPI had administrative access to the maintenance system where the breach occurred, and there was no action either could have taken to prevent this incident.

PowerSchool will notify impacted students and staff directly as they continue addressing the situation. Richmond County Schools is still in the process of investigating data which may have been included in the breach but can confirm no student social security numbers were compromised.

Protecting student and educator data is a top priority for Richmond County Schools and NCDPI. We are fully committed to ensuring the security of sensitive information and to supporting those affected by this incident. NCDPI is actively working with PowerSchool to address the situation and advocate on behalf of our students and staff, prioritizing their privacy and data security every step of the way.

For more information, visit www.powerschool.com/security/sis-incident.