Mecklenburg County, Va., schools on ‘technology lockdown’ after cyber incident
Mecklenburg County Public Schools notified families Sept. 3 that a cybersecurity incident forced the division to impose a “technology lockdown,” taking systems offline while outside experts and law enforcement investigate. According to reporting by SoVaNOW/The Mecklenburg Sun, Superintendent Scott Worner said classes would continue and physical safety systems remain operational; teachers were told to “go old school” with whiteboards and paper as the network is secured. The division, headquartered in Boydton, Virginia, has not confirmed whether data was accessed, whether the attack was targeted, or when the incident was first detected.
Worner pledged updates as the scope becomes clear. The disruption comes amid rising cyber pressure on K-12 systems nationwide; recent reporting counted dozens of district ransomware incidents in 2023 through mid-2024, underscoring sector risk. Separately, early 2025 saw a third-party breach at PowerSchool affecting multiple Virginia and North Carolina districts; officials later said a ransom was paid, though there is no indication Mecklenburg County’s event is related.
MCPS serves about 3,700 students across four elementary schools and a combined middle and high school complex in Boydton, Virginia. This incident should not be conflated with the separate Charlotte-Mecklenburg Schools (N.C.) PowerSchool breach in January 2025 or the 2017 ransomware attack on Mecklenburg County, North Carolina, government systems. This year’s K-12 landscape includes multiple disruptions: Williamsburg-James City County Schools in Virginia reported a Feb. 9 cyber incident and said systems were restored by Feb. 14; Radford City Public Schools disclosed a June 10–11 event; Ridgefield Public Schools in Connecticut took its network offline after a July 24 attempted ransomware attack; Fort Smith Public Schools in Arkansas reported phone and internet outages on July 21; and Bonneville Joint School District 93 in Idaho shut down its network after a June 20 attack.