Hackers Send Threatening Emails After NC School Data Breach: Officials Warn Against Engagement

The North Carolina Department of Public Instruction (NCDPI) has issued a warning after hackers began sending threatening emails to victims of a recent school data breach. Officials say around 50 employees from the department and 20 local education agencies received extortion emails this week.

Cybersecurity expert Craig Petronella, who has decades of experience in the field, explained that criminals are skilled at scraping, harvesting, and using personal data. He said the hackers are trying to exploit information compromised during a previously reported breach.

State Superintendent Mo Green confirmed that the emails are linked to the cybersecurity incident involving PowerSchool, a contractor managing the state’s student information system. That breach, originally reported in January, exposed sensitive records of North Carolina students and educators.

"This morning, threat actors reached out to employees and public schools, showing they had access to records from the earlier breach," Green said during a press conference. "They are now attempting to extort public schools in the state."

PowerSchool has clarified that there has not been a new breach, but rather a continued misuse of the same stolen data from December.

Officials are urging recipients of these emails not to respond and to report any suspicious activity.

Vanessa Wrenn of the Department of Public Instruction confirmed that free credit monitoring and identity theft protection is available for all current and former students, their families, and educators. The protection is available until July 31, 2025.

North Carolina is not alone—states like Oregon and even parts of Canada were also affected by the same breach.

"I want to express my regret to our students, parents, and staff," said Green. "We are working to prevent further misuse of your personal information."

As a result of the breach, the state will end its contract with PowerSchool and begin using a new software, Infinite Campus, starting in July. Green said the new system offers a more modern and secure solution.

An investigation by the Attorney General's office, launched in February, is still ongoing. Petronella noted that determining how the breach occurred takes time, as investigators must examine how the hackers got in—whether through outdated software, poor encryption, or other vulnerabilities.

Parents, students, and staff can sign up for credit monitoring services through the State Department of Public Instruction’s official website.