Raleigh, N.C. — Public school employees across North Carolina and staff at the North Carolina Department of Public Instruction (NCDPI) were targeted Wednesday morning in an extortion attempt by threat actors claiming to possess sensitive student and staff data previously compromised in a January cybersecurity breach involving the PowerSchool Student Information System (SIS).

The messages, which appear to be part of a broader global cyber incident affecting PowerSchool customers in multiple U.S. states and Canada, attempted to extort North Carolina public schools. NCDPI has stated unequivocally that it has not and will not engage with the threat actors, citing state law (G.S. 143-800), which prohibits negotiating or paying ransoms in such situations.

The Federal Bureau of Investigation is actively investigating the incident.

According to NCDPI, the threat actors appear to have access to the same data that was originally compromised earlier this year. On January 10, school district and charter leaders were provided with detailed information on the types of data affected. These included student and staff names, contact information, some Social Security numbers, dates of birth, medical notes, limited passwords, and parent or guardian details.

It is not yet confirmed whether the same individuals are behind both the January breach and this week’s extortion attempt. However, PowerSchool stated earlier today that they do not believe a second breach has occurred, as the incident involves the same data set previously reported. PowerSchool had originally told clients that the data had been destroyed and not shared—an assurance now proven to be incorrect.

“PowerSchool is the party responsible for the breach,” NCDPI emphasized in a statement. “There is nothing NCDPI, school districts, or individual schools could have done to prevent these violations.”

North Carolina’s contract with PowerSchool will conclude on July 1, 2025. The state has already begun transitioning to a new vendor, Infinite Campus, following a decision by the State Board of Education in 2023 to modernize the state’s student information system. The two-year transition process is on track to be completed this summer.

NCDPI’s cybersecurity team has vetted Infinite Campus’s security protocols and reviewed all current technology vendor contracts to ensure compliance with state security standards. All vendors with access to protected information in North Carolina must submit annual security attestations.

NCDPI has notified all public school units about Wednesday’s incident and is offering ongoing support. Staff who received threatening messages are advised not to respond and to report the communications to their district’s technology teams immediately.

In response to the breach, PowerSchool has extended the enrollment deadline for impacted individuals to sign up for complimentary identity protection and credit monitoring services until July 1, 2025. NCDPI is urging the company to extend that deadline further to ensure all affected users have adequate time to enroll.