South Carolina residents have been caught in the crossfire of a string of corporate data breaches, and the state’s consumer watchdog is sounding the alarm. The South Carolina Department of Consumer Affairs (SCDCA) has issued warnings regarding three separate incidents involving Prosper Marketplace, Kaplan North America, and the education platform PowerSchool. Together, these breaches have exposed hundreds of thousands of South Carolinians to significant risk of identity theft.
Here’s what happened, who’s affected, and what you can do right now.
Prosper Marketplace: 236,000 South Carolinians Exposed
The largest of the three incidents involves Prosper Marketplace, a San Francisco-based fintech company that connects borrowers and investors through personal loans and financial products.
A data breach notice filed with the SCDCA on December 11 revealed that Prosper discovered unauthorized activity on its systems on September 1. The company says it publicly reported the incident on September 17 and began notifying affected customers on December 9, after its investigation concluded in late November.
Investigators determined that personal information was accessed between June and August through unauthorized queries on company databases. The exposed data is extensive: names, Social Security numbers, dates of birth, bank account numbers, driver’s license numbers, passport numbers, tax information, payment card numbers, and more.
In total, more than 13 million people were affected nationwide, with over 236,000 victims in South Carolina alone. Prosper has stated there is no evidence that customer accounts or funds were accessed. Still, the breadth of personal and financial data involved makes this one of the more damaging breaches in recent memory.
Affected individuals are being offered two years of complimentary credit monitoring and identity restoration services through Experian’s IdentityWorks.
Kaplan North America: 26,000+ Students and Professionals Affected
The second breach involves Kaplan North America LLC, a well-known education and test-preparation company.
The SCDCA confirmed the breach on March 17, which impacted 26,612 South Carolina residents. An unauthorized actor accessed Kaplan’s computer network between October 30 and November 18, 2025, and stole files containing names, Social Security numbers, and driver’s license numbers.
Kaplan responded by activating its incident response plan, containing the breach, and notifying law enforcement. The company is also offering complimentary identity theft detection services through Experian IdentityWorks for those affected, and is urging recipients to monitor their credit reports for suspicious activity.
PowerSchool: Students’ Data at Risk, Including Children’s
Perhaps the most alarming breach involves PowerSchool, a widely used school management platform. What makes this incident distinct is that the target was children.
The SCDCA confirmed that all state school districts except four were involved in the breach, and the department urged parents to check whether their child has a credit report, a potential indicator of child identity theft.
Officials also recommended that parents consider placing a protective consumer freeze on their child’s credit report. This allows parents to create a credit file in their child’s name and immediately freeze it, preventing creditors from accessing it. Requests can be placed directly with Experian, TransUnion, or Equifax.
Child identity theft is particularly insidious because it often goes undetected for years, sometimes until the child applies for their first loan or apartment as an adult.
South Carolina’s Data Breach Landscape
Despite these high-profile incidents, the SCDCA has noted some cautious improvement. In 2025, 99 businesses reported breaches affecting nearly 3 million South Carolina residents, a 56 percent decline from 2024, when over 6.7 million residents were impacted across 121 reported breaches. Financial services and healthcare remained the most breach-prone sectors.
That’s cold comfort if your information is part of one of these incidents. The data exposed across these three breaches alone, financial records, Social Security numbers, and student data, is exactly the type of information that surfaces on dark web marketplaces, where it gets bought and sold for fraud, identity theft, and account takeover attacks.
What You Should Do Right Now
If you received a breach notification from any of these companies, or suspect your data may have been involved, here’s how to respond:
- Check your credit. Pull your free credit reports at AnnualCreditReport.com and look for accounts or inquiries you don’t recognize. If you’re a parent, check whether your child has a credit report on file.
- Place a credit freeze. Freezing your credit with all three bureaus (Experian, TransUnion, Equifax) is free and prevents new credit from being opened in your name without your consent. Do this for your children, too.
- Use the free monitoring. If Prosper or Kaplan notified you, enroll in the Experian IdentityWorks coverage they’re offering. Two years of monitoring is meaningful; use it.
- Monitor the dark web. Breached data often doesn’t appear in fraud schemes immediately; it may sit dormant on underground forums for months before being weaponized. Tools like DeXpose scan dark web sources continuously and alert you the moment your email, credentials, or personal data appear in a known breach or marketplace listing.
- Contact the SCDCA. If you believe someone is using your information or your child’s information, contact the SCDCA’s Identity Theft Unit at 1-800-922-1594.
Final Thought
The SCDCA breach warnings regarding Prosper Marketplace, Kaplan North America, and PowerSchool are a reminder that data breaches aren’t just IT problems; they’re personal emergencies with long-lasting financial consequences. The gap between when a breach occurs and when you’re notified can be months. By the time a company sends a letter, your data may already be circulating.
Proactive monitoring, especially on the dark web, is no longer optional. It’s the difference between catching fraud early and spending years cleaning up someone else’s mess.
