WCS A.I CyberSecurity Scoring
WCS
Company Information
Website:https://www.wcpss.net/
Employees number:136
Number of followers:318
NAICS:6111
Industry Type:Primary and Secondary Education
Homepage:wcpss.net
WCS Risk Score (AI oriented)
Between 650 and 699
WCSPrimary and Secondary Education
Updated:
14/05/2026
14/05/2026
692/1000
Weak
B
WCS Global Score (TPRM)
xxxx
WCSPrimary and Secondary Education
Score locked

WCSWeak
Current Score
692B (WEAK)
01000
2 incidents
-40.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
695
JUNE 2026
694
MAY 2026
697
Vulnerability
13 May 2026 • WCS
Wake County Public School System: Wake student stumbles on peers' personal data. Make sure files you share are secure
Wake County Student’s Discovery Exposes School Data Security Flaws
692
CRITICAL-5
WAK1778718254
Wake County Student’s Discovery Exposes School Data Security Flaws
A routine file search by Abner Sanabria Cruz, a senior at Leesville Road High School in Wake County, North Carolina, uncovered a critical vulnerability in the school district’s file-sharing system. While looking for an assignment in early 2024, Sanabria Cruz stumbled upon sensitive documents including student ID numbers, grades, attendance records, medical files, and confidential teacher notes that were accessible to unauthorized users. One teacher’s note labeled a student as “hopelessly failing.”
The exposed files, shared within the district’s network, were not the result of a hack but rather misconfigured permissions a flaw caused by users, including students and staff, who inadvertently set files to be searchable and shareable across the system. After reporting the issue to school officials, Sanabria Cruz alerted WRAL News, prompting Wake County Public Schools to address the breach within weeks. The district implemented a script to scan for and delete improperly shared files, though it remains unclear whether affected families were notified.
The incident highlights a growing risk in K-12 cybersecurity: "oversharing" where users unintentionally expose sensitive data by setting loose permissions on platforms like Google Workspace for Education and Microsoft Education. Unlike high-profile ransomware attacks, these vulnerabilities stem from human error rather than malicious intrusion. A similar case in 2023 saw hackers exploit a Nevada student’s Google account to access and extort families over exposed records, leading the Clark County School District to temporarily restrict off-campus access and reset passwords. That case is now headed to trial after the district argued it was immune from liability.
Cybersecurity experts, including Doug Levin of the K12 Security Information Exchange, warn that such breaches are preventable. While file-sharing platforms default to private settings, users often intentionally or accidentally make files searchable, allowing tech-savvy individuals or even AI tools to uncover them. Levin notes that schools can mitigate risks by limiting user permissions, auditing systems regularly, and educating staff and students on secure file-sharing practices. However, he criticizes platform providers for not making stricter default settings mandatory, forcing schools to rely on third-party audits or custom scripts like Wake County’s that may delete necessary files in the process.
Under North Carolina’s Identity Theft Protection Act, breach notifications are only required if exposed data could lead to financial fraud, leaving unclear whether families in Wake County will be informed. The Family Educational Rights and Privacy Act (FERPA) mandates only that schools log the exposure in student records, not notify affected individuals. When questioned by WRAL, Wake County officials confirmed they received two generic reports about improperly shared files but did not specify how they verified the scope of the exposure.
The incident underscores the need for better training, stricter controls, and clearer policies in school districts. As Sanabria Cruz noted, many users especially students lack the technical knowledge to secure their data, placing the burden on schools to enforce safeguards. Without proactive measures, sensitive information remains at risk of accidental exposure, with potentially long-term consequences for students.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
773
Breach
25 Apr 2026 • WCS
Wake County Public School System: Wake schools notify parents of Canvas data breach
Wake County Schools Canvas Data Breach
697
CRITICAL-76
WAK1778128534
Wake County Schools Reports Canvas Data Breach, Exposing Student and Staff Information
The Wake County Public School System has alerted families about a cybersecurity breach involving Canvas, the education platform used by students and staff. The incident, discovered on April 30, occurred 11 days earlier on April 25, potentially exposing personal data of current students and employees.
While officials confirmed that passwords, birth dates, and financial information were not compromised, the breach has raised concerns among parents and educators. Lisa Baildon, a parent of a Millbrook High School student, expressed worries about the unknown motives behind the attack and the security measures in place to prevent future incidents.
This is the second breach in two years for the district. In 2024, a PowerSchool contractor’s credentials were compromised, leading to the exposure of names, addresses, and email information. Following that incident, the North Carolina Department of Public Instruction transitioned to a new student data management system.
Parents and teachers, including Wake County educator Wendy Carvajal, have voiced frustration over the repeated security lapses. Cybersecurity experts, such as Kimberly Simon of Growth Office Partners, have emphasized the need for heightened vigilance, recommending multi-factor authentication, unique passwords, and monitoring for phishing attempts.
The district continues its investigation, urging users to watch for suspicious activity. State school leaders have reinforced the importance of cybersecurity awareness for both schools and families.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
773
FEBRUARY 2026
773
JANUARY 2026
773
DECEMBER 2025
773
NOVEMBER 2025
773
OCTOBER 2025
773
SEPTEMBER 2025
773
AUGUST 2025
773
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for WCS ??
What was WCS's A.I Rankiteo Cyber Score in June 2026 ??
What was WCS's A.I Rankiteo Cyber Score in May 2026 ??
What was WCS's A.I Rankiteo Cyber Score in April 2026 ??
What was WCS's A.I Rankiteo Cyber Score in March 2026 ??
What was WCS's A.I Rankiteo Cyber Score in February 2026 ??
What was WCS's A.I Rankiteo Cyber Score in January 2026 ??
What was WCS's A.I Rankiteo Cyber Score in December 2025 ??
What was WCS's A.I Rankiteo Cyber Score in November 2025 ??
What was WCS's A.I Rankiteo Cyber Score in October 2025 ??
What was WCS's A.I Rankiteo Cyber Score in September 2025 ??
What was WCS's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on WCS's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with WCS ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view WCS's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?