Skip to header Skip to Content Skip to Footer

Important NEW Update Regarding P&A Group Cybersecurity Incident from NCFlex

Important NEW Update Regarding P&A Group Cybersecurity Incident from NCFlex

We have collaborated with P&A Group to address our concerns following the recent cybersecurity incident. At this time, we believe data transmission can safely resume. To protect sensitive information moving forward, several safeguards have been implemented. These include a web application firewall (WAF) to block malicious traffic, system hardening—which involves updating software and restricting access to minimize vulnerabilities—increased network segmentation to isolate critical systems, and an investigation into GovRAMP to ensure P&A Group's practices align with state policies for safeguarding sensitive data.

Participant organizations are requested to coordinate with P&A Group regarding the transmission of delayed data feeds. The staff at P&A Group will prioritize processing these feeds.

We want to thank all participant organizations for their patience and commitment throughout the remediation of this cybersecurity incident with P&A Group. We especially appreciate the prompt responses from participant organizations and the expert guidance provided by the NC Department of Information Technology Enterprise Security and Risk Management Office (ESRMO) and the NC Office of the State Controller during this process. Your understanding and cooperation have been invaluable. We remain dedicated to upholding rigorous cybersecurity standards and will continue to prioritize the safety of all participant data.

Thank you again for your partnership.