Attorney General Jeff Jackson urged North Carolina businesses on Apr. 15 to review their systems following a recent cyberattack involving the open-source JavaScript library Axios, which may have compromised sensitive consumer data.
The warning comes as North Carolina experiences an increase in data breaches, with last year being described as the worst year for such incidents in state history. The incident highlights ongoing concerns about cybersecurity and the need for vigilance among organizations that handle personal information.
Hackers released malicious versions of an Axios update on March 31, which installed malware on any system that downloaded it. Businesses using Axios in their websites, applications, or internal tools could be affected by this breach. Jackson said, “Last year was the worst year for data breaches in North Carolina history. The Axios hack shows why these numbers keep climbing – a single compromised software update can expose data across thousands of businesses at once. If Axios is part of your software system, check your system today.”
Jackson called on companies to consult with IT departments or software providers to determine if they use Axios and take necessary steps if so. He reminded organizations that they are legally required to notify affected individuals and report any breaches involving personal information belonging to North Carolinians to the Department of Justice’s Consumer Protection Division.
The North Carolina State Executive Attorney General acts as a government entity authorized to handle legal and regulatory matters on behalf of the state according to its official website. The office provides services including legal representation, criminal prosecution support, and consumer protection according to its official website. Jackson heads this office as attorney general according to its official website, extending services statewide according to its official website and representing state agencies in court while prosecuting criminal appeals according to its official website.
The broader implications of this event underscore the increasing risks posed by cyberattacks through widely used software components. Officials say continued awareness and prompt action are necessary steps toward protecting both business operations and consumers’ personal information.
