550,000 Wake students and teachers hit by data breach. How to watch for identity theft
Current and former Wake County students and teachers are being warned to be on the alert for identity theft after a nationwide cyber attack compromised more than a decade of personal data.
Last month, a hacker gained access to personal data for students and teachers across the country in the database for the PowerSchool student information system. In a message sent Thursday, the Wake County school system urged current and former students, parents and school employees to take action to protect themselves.
The data breach goes back to 2013, when all North Carolina public schools began using PowerSchool, according to Shashi Buddula, Wake’s Chief Technology Officer. In Wake County alone, the district says 461,000 student records and 92,000 teacher records could have been compromised.
“It’s very disappointing what happened, but that’s the world we are in,” Buddula said in an interview Thursday. “We want to be transparent and let our stakeholders know what’s going on.”
PowerSchool data breach in NC reported
In North Carolina, PowerSchool is used to record information such as student attendance, grades and class schedules. In a decision made before the latest breach, all North Carolina public schools will switch to using the Infinite Campus information system by July 1.
On Dec. 28, PowerSchool learned that the credentials for a contract employee were compromised by malware. A threat actor used the malware to access confidential student and teacher data.
But the state Department of Public Instruction and schools weren’t notified until Jan. 7.
PowerSchool says the data accessed was destroyed and they do not believe any additional copies remain.
The company also says it’s coordinating with districts and schools to provide more information and resources (including credit monitoring or identity protection services if applicable) as they become available.
Now schools across the country are alerting families about the data breach.
What data is at risk in Wake County?
Wake County is North Carolina’s largest school system with 160,000 students and more than 11,000 teachers.
The data breach doesn’t involve employees such as bus drivers or custodians. But Buddula said any employees who’ve needed PowerSchool access since 2013, such as teachers, instructional assistants and principals, are impacted.
Wake says DPI has confirmed no Social Security numbers for students were accessed. But data that could have been compromised include:
For staff:
▪ Full names (first, middle, last)
▪ Street addresses
▪ Some Social Security numbers
▪ Home phone numbers
▪ Email addresses used for work-related communication
For current and former students:
▪ Names (first, middle, last) of students, parents, and guardians
▪ Physical and mailing addresses
▪ Date of birth
▪ Gender and ethnicity
▪ Student identification numbers
▪ Guardian or parent email addresses and phone numbers
▪ Emergency contact details (names and phone numbers)
What can you do to protect themselves from identity theft?
Wake recommends people take the following steps:
▪ Review your financial statements and accounts for any suspicious activity.
▪ Stop identity thieves from getting new credit in your name by placing a security freeze on your credit. Contact the Credit Bureaus to request a security freeze:
▪ Equifax | 1-800-349-9960
▪ Experian | 1-888-397-3742
▪ TransUnion | 1-888-909-8872
How to get a credit security freeze for children
Wake also says parents can get a special Protected Consumer security freeze to help protect their children against identity theft.
▪ Continue to review your credit reports every few months. Your private information released in the security breach may not be used immediately.
▪ To get your free report, go to www.annualcreditreport.com or call 1-877-322-8228.
“There’s a lot of breaches that are happening,” Buddula, said. “ As a general good practice, I’d put in a freeze and monitor the credit reports.”
