January 10, 2025 Communications
On January 7, 2025, PowerSchool, the student information system (SIS) used by most school districts in North Carolina since 2013, notified the North Carolina Department of Public Instruction (NCDPI) and North Carolina school districts that unauthorized access to student and staff data in its global client base had occurred in December 2024. This incident impacts school systems across North Carolina, the nation, and the world.
We have been informed that data from the Surry County Schools was compromised as a part of this incident. We are working closely with NCDPI and PowerSchool to determine the specific nature of the data involved. If PowerSchool determines that personal data has been compromised, it will contact the affected individuals directly and provide specific details and guidance.
PowerSchool reports that the incident is contained, that they have taken steps to secure the data, and that there is no indication potentially compromised information has been shared or made public to additional parties. Federal law enforcement, NCDPI, and PowerSchool are monitoring the situation closely.
PowerSchool has assured us that its systems are operational and that it has implemented additional security measures to prevent future incidents. It is important to note that this incident occurred at the PowerSchool company level, and neither the Surry County Schools nor NCDPI data systems are involved. NCDPI has stated publicly that neither the Surry County Schools nor any other North Carolina school district could have prevented this incident.
Protecting personally identifiable information of our students, families, and staff is critically important, and we take this matter very seriously. We will share updates as additional information becomes available from NCDPI and PowerSchool. We are committed to providing clear information about the steps being taken to address and mitigate any potential impact. Our priority is to keep our community informed and supported throughout this process.
Thank you for your patience and understanding as we navigate through this situation alongside school districts worldwide.
January 16, 2025 Communication
On January 7th, PowerSchool, the student information system used by our district and others across the globe, notified us of a cybersecurity breach incident involving unauthorized access to student and teacher data. Since our last communication, Surry County Schools has received further details about the nature of the cybersecurity breach incident and its potential impact on our district.
The North Carolina Department of Public Instruction has confirmed that an unauthorized party accessed data from Surry County Schools as part of this incident.
This incident was not isolated to North Carolina, as schools across the globe were impacted. PowerSchool has assured us that the threat is now contained, the accessed data was not shared, and any potentially compromised information has been destroyed. PowerSchool has added additional security measures and confirmed that there is no ongoing unauthorized activity in their systems.
PowerSchool will notify all impacted individuals directly and will offer credit monitoring services to affected adults and identity protection services to affected minors. Student data may include personal information, some medical details, and grades, depending on the district. For staff, data may include Social Security Numbers and other personal details.
We understand the seriousness of this matter and are committed to keeping our students, families, and staff informed as information becomes available. Please know that we are working closely with PowerSchool and NCDPI to ensure all necessary steps are taken to protect our community and provide support to those affected.
Thank you for your patience and understanding as we work through this situation alongside school districts worldwide.