Attorney General Jeff Jackson Demands Accountability from PowerSchool over 2024 Data Breach

RALEIGH – Attorney General Jeff Jackson is demanding information from PowerSchool about the cause of their 2024 data breach that compromised the personal information of nearly 4 million teachers, students, and parents in North Carolina. These demands are part of Attorney General Jackson’s ongoing investigation into PowerSchool.

“Last year’s data breach compromised the personal information of teachers, public school employees and families across North Carolina,” said Attorney General Jeff Jackson. “I’m demanding more information from PowerSchool about how this breach happened and who it affected, and what we learn will drive our next steps.”

Attorney General Jackson issued a Civil Investigative Demand (CID) to PowerSchool that legally requires it to provide to him the following information:

• The exact number of North Carolinians impacted by the 2024 data breach.
• Details about PowerSchool’s cybersecurity measures that were in place to protect users’ personal information leading up to the breach.
• Which security flaws may have contributed to the breach.
• Information about PowerSchool’s response and actions in the immediate aftermath of the breach.
• Steps PowerSchool has taken to address the cybersecurity failures that contributed to the data breach and strengthen data protection methods.
• PowerSchool’s work to communicate with and assist consumers affected by the breach.

PowerSchool sells software products used by schools across the country, including public schools across North Carolina. In December 2024, a hacker gained access to that software, potentially exposing Social Security numbers, addresses, names of minors, and medical and disciplinary information. The breach impacted more than 62 million people across the country. PowerSchool later paid a ransom to the hacker to delete the information that was stolen, but a hacker then tried to extort North Carolina public school districts again.

Earlier this year, the U.S. Department of Justice charged 19-year-old Massachusetts college student Matthew Lane with hacking PowerSchool’s system and facilitating the 2024 data breach. Lane entered a plea deal with the federal government in May. Lane pleaded guilty to cyber extortion conspiracy, cyber extortion, unauthorized access to protected computers, and aggravated identity theft.

Students and staff affected by the data breach have until July 31, 2025, to enroll in free identity protection and credit monitoring (offered for adult students and educators) here. You can also find out more about setting up a free security freeze here.

###