NCDPI renews contract with PowerSchool after massive data breach

pWILMINGTON NC WECT Six months after a massive data breach that impacted students families and school staff around the country including each school district in Southeastern North Carolina the North Carolina Department of Public Instruction NCDPI has renewed part of its contract with the company at the center of the breachppOn Monday the North Carolina State Board of Education approved a sixmonth roughly 270000 contract with PowerSchool for professional evaluations and onboarding services The contract NCDPI noted isnt related to the student information system which was hacked in December That systems contract will expire at the end of June and wont be renewedppNCDPI declined to answer questions about the contract on camera Wednesday only sending information through emailppProtecting our educator and student data is of utmost importance to the North Carolina Department of Public Instruction a spokesperson wrote While these PowerSchool products are completely separate from the companys student information System services and are not housed in the security infrastructure that was compromised in late 2024 this contract amendment puts into place additional privacy protectionppThis contract will begin July 1 and expire at the end of the yearppIm not gonna say I was excited to hear that said New Hanover County School Board Member Josie Barnhart Im sure theyre doing everything they can to put things in place to make sure this doesnt happen againppDuring Mondays meeting NCDPI outlined plans to ensure security with PowerSchool It includes thirdparty tests a full forensic report and a review by the North Carolina National GuardppPowerSchool will have to show it cleared those steps before Sept 1 or the contract will be terminated according to DPI They also have to pass each step before receiving paymentppPowerSchool has shared they have worked extensively to minimize any impact on students families educators and school districts an NCDPI spokesperson said PowerSchool solutions are critical to education outcomes and processes and the changes they have made to their products in response to the cybersecurity incident have appropriately addressed the concerns of NCDPI and thirdparty cybersecurity analystsppThe breach impacted potentially millions of people around North Carolina including names social security numbers and addresses among other sensitive information After the student information system contract ends on June 30 there will be a sixmonth transition period to transfer and destroy the data PowerSchool still has a DPI spokesperson saidppIn May DPI revealed public school employees around the state had received threatening emails asking for money in exchange for deleting the breached data The US Department of Justice later charged Matthew Lane a 19yearold from Massachusetts with hacking PowerSchool and facilitating the breachppOn Tuesday North Carolina Attorney General Jeff Jackson announced the next step in his offices investigation into PowerSchool Issuing a Civil Investigative Demand which legally requires PowerSchool to provideppBarnhart said shes grateful to see Jackson tackling the issue She said shes had conversations with the North Carolina Department of Information Technology about establishing annual security checkpoints and bringing in NCDIT employees to an August school board meeting to talk about changes to security protocols and practicesppBehind the scenes we are actively pushing to say do as much as possible because our staff our students who were compromised deserve justice she saidppStudents and staff impacted by the data breach have until July 31 2025 to enroll in free identity protection and credit monitoring offered for adult students and educators hereppCopyright 2025 WECT All rights reservedp