Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
WAKE COUNTY SCHOOLS

WAKE COUNTY SCHOOLS Vendor Cyber Rating & Cyber Score

wcpss.net

WAKE COUNTY SCHOOLS is a primary/secondary education company based out of 5625 DILLARD DR, Cary, North Carolina, United States.


WCS A.I CyberSecurity Scoring

WCS
Company Information
Website:https://www.wcpss.net/
Employees number:136
Number of followers:318
NAICS:6111
Industry Type:Primary and Secondary Education
Homepage:wcpss.net
WCS Risk Score (AI oriented)
Between 650 and 699
logo
WCSPrimary and Secondary Education
Updated:
14/05/2026
692/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
WCS Global Score (TPRM)
xxxx
logo
WCSPrimary and Secondary Education
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

WCS
WCSWeak
Current Score
692B (WEAK)
01000
2 incidents
-40.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
695Before Incident
JUNE 2026
694Before Incident
MAY 2026
697Before Incident
Vulnerability
13 May 2026WCS
Wake County Public School System: Wake student stumbles on peers' personal data. Make sure files you share are secure

Wake County Student’s Discovery Exposes School Data Security Flaws

692After Incident
CRITICAL-5
WAK1778718254
Wake County Student’s Discovery Exposes School Data Security Flaws A routine file search by Abner Sanabria Cruz, a senior at Leesville Road High School in Wake County, North Carolina, uncovered a critical vulnerability in the school district’s file-sharing system. While looking for an assignment in early 2024, Sanabria Cruz stumbled upon sensitive documents including student ID numbers, grades, attendance records, medical files, and confidential teacher notes that were accessible to unauthorized users. One teacher’s note labeled a student as “hopelessly failing.” The exposed files, shared within the district’s network, were not the result of a hack but rather misconfigured permissions a flaw caused by users, including students and staff, who inadvertently set files to be searchable and shareable across the system. After reporting the issue to school officials, Sanabria Cruz alerted WRAL News, prompting Wake County Public Schools to address the breach within weeks. The district implemented a script to scan for and delete improperly shared files, though it remains unclear whether affected families were notified. The incident highlights a growing risk in K-12 cybersecurity: "oversharing" where users unintentionally expose sensitive data by setting loose permissions on platforms like Google Workspace for Education and Microsoft Education. Unlike high-profile ransomware attacks, these vulnerabilities stem from human error rather than malicious intrusion. A similar case in 2023 saw hackers exploit a Nevada student’s Google account to access and extort families over exposed records, leading the Clark County School District to temporarily restrict off-campus access and reset passwords. That case is now headed to trial after the district argued it was immune from liability. Cybersecurity experts, including Doug Levin of the K12 Security Information Exchange, warn that such breaches are preventable. While file-sharing platforms default to private settings, users often intentionally or accidentally make files searchable, allowing tech-savvy individuals or even AI tools to uncover them. Levin notes that schools can mitigate risks by limiting user permissions, auditing systems regularly, and educating staff and students on secure file-sharing practices. However, he criticizes platform providers for not making stricter default settings mandatory, forcing schools to rely on third-party audits or custom scripts like Wake County’s that may delete necessary files in the process. Under North Carolina’s Identity Theft Protection Act, breach notifications are only required if exposed data could lead to financial fraud, leaving unclear whether families in Wake County will be informed. The Family Educational Rights and Privacy Act (FERPA) mandates only that schools log the exposure in student records, not notify affected individuals. When questioned by WRAL, Wake County officials confirmed they received two generic reports about improperly shared files but did not specify how they verified the scope of the exposure. The incident underscores the need for better training, stricter controls, and clearer policies in school districts. As Sanabria Cruz noted, many users especially students lack the technical knowledge to secure their data, placing the burden on schools to enforce safeguards. Without proactive measures, sensitive information remains at risk of accidental exposure, with potentially long-term consequences for students.
INCIDENT DETAILS -
TYPE
Data Exposure
IMPACT
Data Compromised: Student ID numbers, grades, attendance records, medical files, confidential teacher notesSystems Affected: Wake County Public Schools file-sharing system (Google Workspace for Education/Microsoft Education)Operational Impact: Implementation of a script to scan and delete improperly shared filesBrand Reputation Impact: Potential reputational damage to Wake County Public SchoolsLegal Liabilities: Unclear; district may argue immunity under FERPAIdentity Theft Risk: Potential risk due to exposure of student ID numbers and personal records
DATA BREACH
Student ID numbersGradesAttendance recordsMedical filesConfidential teacher notesSensitivity Of Data: High (personally identifiable and sensitive educational/medical information)Personally Identifiable Information: Yes (student ID numbers, grades, medical files)
APRIL 2026
773Before Incident
Breach
25 Apr 2026WCS
Wake County Public School System: Wake schools notify parents of Canvas data breach

Wake County Schools Canvas Data Breach

697After Incident
CRITICAL-76
WAK1778128534
Wake County Schools Reports Canvas Data Breach, Exposing Student and Staff Information The Wake County Public School System has alerted families about a cybersecurity breach involving Canvas, the education platform used by students and staff. The incident, discovered on April 30, occurred 11 days earlier on April 25, potentially exposing personal data of current students and employees. While officials confirmed that passwords, birth dates, and financial information were not compromised, the breach has raised concerns among parents and educators. Lisa Baildon, a parent of a Millbrook High School student, expressed worries about the unknown motives behind the attack and the security measures in place to prevent future incidents. This is the second breach in two years for the district. In 2024, a PowerSchool contractor’s credentials were compromised, leading to the exposure of names, addresses, and email information. Following that incident, the North Carolina Department of Public Instruction transitioned to a new student data management system. Parents and teachers, including Wake County educator Wendy Carvajal, have voiced frustration over the repeated security lapses. Cybersecurity experts, such as Kimberly Simon of Growth Office Partners, have emphasized the need for heightened vigilance, recommending multi-factor authentication, unique passwords, and monitoring for phishing attempts. The district continues its investigation, urging users to watch for suspicious activity. State school leaders have reinforced the importance of cybersecurity awareness for both schools and families.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Personal data of current students and employeesSystems Affected: Canvas education platformCustomer Complaints: Concerns and frustration among parents and educatorsBrand Reputation Impact: Negative impact due to repeated security lapsesPayment Information Risk: None (passwords, birth dates, and financial information were not compromised)
DATA BREACH
Type Of Data Compromised: Personal dataSensitivity Of Data: Not passwords, birth dates, or financial informationPersonally Identifiable Information: Names, addresses, and email information (from prior breach)
MARCH 2026
773Before Incident
FEBRUARY 2026
773Before Incident
JANUARY 2026
773Before Incident
DECEMBER 2025
773Before Incident
NOVEMBER 2025
773Before Incident
OCTOBER 2025
773Before Incident
SEPTEMBER 2025
773Before Incident
AUGUST 2025
773Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for WCS ?
?
What was WCS's A.I Rankiteo Cyber Score in June 2026 ?
?
What was WCS's A.I Rankiteo Cyber Score in May 2026 ?
?
What was WCS's A.I Rankiteo Cyber Score in April 2026 ?
?
What was WCS's A.I Rankiteo Cyber Score in March 2026 ?
?
What was WCS's A.I Rankiteo Cyber Score in February 2026 ?
?
What was WCS's A.I Rankiteo Cyber Score in January 2026 ?
?
What was WCS's A.I Rankiteo Cyber Score in December 2025 ?
?
What was WCS's A.I Rankiteo Cyber Score in November 2025 ?
?
What was WCS's A.I Rankiteo Cyber Score in October 2025 ?
?
What was WCS's A.I Rankiteo Cyber Score in September 2025 ?
?
What was WCS's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on WCS's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with WCS ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view WCS's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?