North Carolina Faces Record Data Breaches as New Axios Cyber Threat Emerges
North Carolina experienced a historic surge in data breaches in 2025, with 2,349 incidents reported the highest number ever recorded in the state. According to the North Carolina Department of Justice, these breaches exposed the personal information of nearly 9.3 million residents.
A new cybersecurity threat has now emerged, targeting Axios, a widely used open-source JavaScript library. On March 31, hackers released malicious versions of an Axios update, potentially infecting systems that downloaded the compromised code. Given Axios’s prevalence in websites, applications, and internal tools, the risk of widespread impact is significant.
North Carolina Attorney General Jeff Jackson has called on businesses to act swiftly. Organizations are advised to check for Axios usage, isolate affected systems, verify trusted versions, and review logs for suspicious activity. Compromised credentials or access tokens should be revoked and reissued, and breached systems may need to be rebuilt from clean backups.
Under state law, businesses must notify affected individuals and report breaches to the Department of Justice’s Consumer Protection Division if personal data is exposed. The incident underscores the growing frequency of cyberattacks and the need for rapid response to mitigate damage.
Source: https://whky.com/ncdoj-attorney-general-warn-citizens-about-data-breaches/
Axios HQ cybersecurity rating report: https://www.rankiteo.com/company/axioshq
"id": "AXI1776738433",
"linkid": "axioshq",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '9.3 million residents',
'location': 'North Carolina, USA',
'name': 'Multiple North Carolina businesses and '
'residents',
'type': 'State-wide entities and individuals'},
{'industry': 'Technology, Web Development',
'location': 'Global',
'name': 'Axios (JavaScript library users)',
'type': 'Open-source software users'}],
'attack_vector': 'Malicious software update (compromised Axios library)',
'customer_advisories': 'Affected individuals must be notified under state law '
'if personal data is exposed.',
'data_breach': {'number_of_records_exposed': '9.3 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': 'Personal information'},
'date_detected': '2025-03-31',
'date_publicly_disclosed': '2025-03-31',
'description': 'North Carolina experienced a historic surge in data breaches '
'in 2025, with 2,349 incidents reported—the highest number '
'ever recorded in the state. A new cybersecurity threat '
'emerged targeting Axios, a widely used open-source JavaScript '
'library, where hackers released malicious versions of an '
'Axios update, potentially infecting systems that downloaded '
'the compromised code.',
'impact': {'data_compromised': 'Personal information of nearly 9.3 million '
'residents',
'identity_theft_risk': 'High (personal information exposed)',
'systems_affected': 'Websites, applications, and internal tools '
'using Axios'},
'lessons_learned': 'The incident underscores the growing frequency of '
'cyberattacks and the need for rapid response to mitigate '
'damage.',
'post_incident_analysis': {'root_causes': 'Supply chain compromise (malicious '
'Axios update)'},
'recommendations': ['Check for Axios usage',
'Isolate affected systems',
'Verify trusted versions of Axios',
'Review logs for suspicious activity',
'Revoke and reissue compromised credentials or access '
'tokens',
'Rebuild breached systems from clean backups'],
'references': [{'source': 'North Carolina Department of Justice'}],
'regulatory_compliance': {'regulations_violated': 'North Carolina data breach '
'notification laws',
'regulatory_notifications': 'Businesses must report '
'breaches to the '
'Department of '
'Justice’s Consumer '
'Protection Division'},
'response': {'containment_measures': ['Isolate affected systems',
'Verify trusted versions of Axios'],
'enhanced_monitoring': ['Review logs for suspicious activity'],
'remediation_measures': ['Revoke and reissue compromised '
'credentials or access tokens',
'Rebuild breached systems from clean '
'backups']},
'stakeholder_advisories': 'North Carolina Attorney General Jeff Jackson has '
'called on businesses to act swiftly.',
'title': 'North Carolina Data Breaches and Axios Cyber Threat',
'type': ['Data Breach', 'Supply Chain Attack'],
'vulnerability_exploited': 'Supply chain compromise (malicious Axios update)'}