Attorney General Jeff Jackson Warns Businesses to Protect Data After Axios Hack as NC Sees Record Data Breaches in 2025

FOR IMMEDIATE RELEASE
Wednesday, April 15, 2026
Contact: [email protected]
919-538-2809

RALEIGH - Last year, North Carolina businesses and government agencies reported 2,349 data breaches to the Department of Justice - the most the state has ever recorded. Those breaches exposed the personal information of nearly 9.3 million North Carolinians.

Now there's a new threat.

On March 31, hackers published malicious versions of an update to Axios - a popular open-source JavaScript library downloaded millions of times each week - and installed malware on any system that downloaded the update. Businesses that use Axios in their websites, applications, or internal tools may have had sensitive consumer data compromised.

Attorney General Jeff Jackson is urging businesses to check their systems immediately.

"Last year was the worst year for data breaches in North Carolina history," said Attorney General Jeff Jackson. "The Axios hack shows why these numbers keep climbing - a single compromised software update can expose data across thousands of businesses at once. If Axios is part of your software system, check your system today."

North Carolina businesses should consult with their IT departments or software providers to determine whether Axios is included in any websites, applications or internal tools that they use. If it is, businesses should take the following steps:

1. Identify any systems that installed Axios updates during the time it was compromised, then immediately remove those systems from your network to prevent additional unauthorized activity.
2. Confirm only verified versions of Axios are installed on your systems and review dependency lockfiles to ensure no malicious versions were downloaded.
3. Check all affected systems for signs that they were compromised, including unusual outbound network activity and unauthorized processes or files, and check logs for suspicious behavior.
4. Revoke and reissue any credentials, keys, or tokens that may have been accessible on affected systems.
5. If you find signs of a compromise or can't rule one out, rebuild affected systems from a snapshot or base image you know is clean.
6. If any personal information of North Carolinians was accessed as a result of the hack, you must notify those affected and the North Carolina Department of Justice's Consumer Protection Division.

If any personal information belonging to North Carolinians was accessed as a result of the hack, businesses are legally required to notify those affected and to report the breach to the North Carolina Department of Justice's Consumer Protection Division.

With data breaches on the rise in North Carolina, it's important to take steps to protect your devices and networks. Here are some things you can do:

• Keep all devices updated - phones, tablets, smart watches, and smart speakers need security updates just as much as your laptop.

• Don't open emails, click links, or download attachments from senders you don't recognize. If something looks off - a strange sender address, unexpected timing, spelling errors - flag it before you click.

• Use strong, unique passwords for each account. If one account is compromised, it shouldn't give someone access to the rest.

• Sign out of accounts when you're done, and clear saved passwords from devices you share with others.

• Avoid making purchases or accessing financial accounts on public Wi-Fi. Those networks aren't secure.

• If a device is lost or stolen, tell your IT team immediately. They may be able to protect or remotely wipe any data on it.

###