Schools in Lenoir County, along with other districts across the state and around the world, have been impacted by a data breach affecting PowerSchool, a student information system used by schools. The breach occurred on Dec. 19, 2024, when the credentials of a PowerSchool contract employee were compromised, allowing unauthorized access to student and teacher data. PowerSchool became aware of the breach on Dec. 28, 2024, and alerted North Carolina school systems on Jan. 7, 2025.

The North Carolina Department of Public Instruction (NCDPI) has confirmed that data from Lenoir County Public Schools was accessed during the breach. The data may include personally identifiable information, limited medical details, and grade information. While PowerSchool states the compromised data has been destroyed, cybersecurity experts caution there is no way to guarantee this.

Haley Quinn, a parent with children in Lenoir County Public Schools, voiced concerns many families share.
"My children are in an LCPS school, and I need to know what information was compromised," Quinn said. "Are they going to cover credit monitoring for the staff and the students? How much student information was accessed? These are questions we need answers to so I can take steps to protect my kids and their information."

The breach affected all schools using PowerSchool since its implementation in North Carolina in 2013. Fewer than 1,000 students' Social Security numbers were exposed, though more teachers' Social Security numbers were compromised. PowerSchool is analyzing the data and plans to notify affected individuals by the end of January. Credit monitoring will be offered to those whose Social Security numbers were accessed.

Le’Andra D. McPhatter, a former LCPS teacher now working in the Northeast, explained that while the breach is alarming, it’s important to recognize the district’s limitations.
"Parents should know this isn’t on the district — PowerSchool is a separate entity that school districts utilize," McPhatter said. "I’m happy to hear that the compromised info was destroyed and hope PowerSchool takes extra steps to prevent this from happening again."

Lenoir County Public Schools emphasized that they, along with NCDPI, had no access to the point of the breach and could not have prevented it. They are collaborating with PowerSchool and NCDPI to identify affected individuals and assess the full scope of the incident.

By July 1, 2025, all North Carolina public schools will transition to a new student information system, Infinite Campus, a decision made before the PowerSchool breach. However, some historical data may still reside in the PowerSchool system.

PowerSchool reports that two data tables, primarily containing contact information, were accessed using a compromised contractor account on Dec. 19, 2024. These tables may also include personally identifiable information, limited medical details, and grades, though NCDPI has clarified that no medical data was compromised in North Carolina.

PowerSchool is continuing its investigation and plans to notify affected individuals of the specific data accessed by the end of January.