Report: Data breaches impacted 9M+ North Carolinians in 2025
North Carolina recorded 2,349 data breaches in 2025, affecting over 9 million residents, with education sector breaches rising to 155 incidents. The state’s Department of Justice report highlights phishing and third-party vendor vulnerabilities as key threats, while the FBI reported $431.5 million in losses from cybercrime in the state.
North Carolina’s Department of Justice released its 2025 data breach report, confirming a record 2,349 breaches impacting over 9 million residents. The report highlights that criminals primarily use hacking and phishing to access sensitive information, with education institutions facing 155 breaches—7% of the total. The Federal Bureau of Investigation’s annual report also noted North Carolinians lost $431.5 million to internet crimes in 2025, across 25,940 complaints. The Wake County Public School System recently disclosed a cybersecurity incident involving Canvas, a learning management system operated by Instructure. Officials suspect unauthorized access to student and staff data. Earlier in 2025, a breach of PowerSchool, a student information system, exposed millions of records, partly due to the absence of multifactor authentication. The state’s Department of Public Instruction (DPI) later approved $1.1 million in cybersecurity funding to address vulnerabilities. Kimberly Simon, CEO of Growth Office Partners, explained that schools often rely on third-party vendors, making them prime targets for extortion, phishing, or data sales. Around 70% of cyberattacks in North Carolina stem from phishing simulations, according to DPI Chief Information Officer Vanessa Wrenn. Wrenn emphasized the need for staff training to mitigate risks, noting that vendor gaps have previously been exploited. The FBI recommends several measures to reduce cyber threats, including maintaining encrypted, offline backups and enforcing NIST-compliant password standards. Default passwords should be eliminated, and unnecessary protocols disabled. Administrative privileges must be audited, with access controls aligned to the principle of least privilege. These steps aim to strengthen defenses against evolving cybercrime tactics. The state’s education sector remains particularly vulnerable, with breaches often affecting thousands of students and staff simultaneously. Officials stress the importance of proactive cybersecurity measures to prevent future incidents and protect sensitive data.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.