Cyber Incident Victim: Millbrook Magnet High School

In August 2020, multiple North Carolina school districts experienced disruptions to virtual learning sessions, including an incident at Millbrook Magnet High School in Raleigh. Between August 19 and August 21, at least 20 staff members at Millbrook reported unauthorized intrusions during live virtual classes, where hackers used offensive language, directly insulted students and teachers, and displayed inappropriate content. The Wake County Public School System attributed these breaches to publicly accessible Google Meet links that had been posted where non-participants could find them. On August 18, Oberlin Magnet Middle School faced similar disruptions during a virtual class. By August 21, Wake County officials confirmed they had identified two students connected to the Millbrook incident and notified their parents. The district implemented measures to restrict link sharing and prevent recurrence, though specific technical controls were not detailed in public statements.

The pattern extended beyond Wake County, with Lee County High School in Sanford reporting an August 17 intrusion where a non-student account shared inappropriate content before being rapidly removed by the teacher. Winston-Salem/Forsyth County Schools disclosed that Southeast Middle School’s virtual art class was disrupted on an unspecified date when a participant shouted obscenities, prompting an investigation and parental notifications. The North Carolina Department of Information Technology’s Chief Risk and Security Officer, Maria Thompson, publicly advised schools to avoid password reuse, restrict credential distribution, vet participants, and avoid publishing meeting credentials—though no statewide mandate accompanied these recommendations. No arrests or disciplinary actions beyond parental notifications were confirmed across the affected districts, and no long-term educational or technical impacts were documented in available reports.