Protected information on 254 students has been accessed improperly as a result of a cybersecurity breach, the Hillsborough County school district said in letters sent to families on Friday.
The information may include names, dates of birth, district student identification numbers, state identification or Social Security numbers, and details about school nurse visits during the 2021-2022 school year.
District officials learned of the breach during a review undertaken weeks ago, after they identified unusual activity involving some of their network systems.
Addressing the school board on Sept. 7, Superintendent Van Ayres said it appeared at the time that the problem did not affect the system that stored the vast majority of student educational data. But the review showed that an administrative file containing student data from the 2021-22 school year had been accessed without authorization.
The district sent a detailed letter with hotline information to the affected families and a more general letter to all families in the school system, which enrolls more than 220,000 students this year. The affected families will be offered a complimentary identity protection service for their children through a company called IDX.
The service includes 12 months of a monitoring system called CyberScan, described on the IDX website as “a tool that continually searches the deep and dark web to see if your information has been potentially exposed to cybercriminals — and 24/7 credit monitoring.” Families also will be offered a $1 million insurance reimbursement policy and fully managed identity theft recovery services.
The deadline to enroll is Jan. 21, 2024.
“We encourage you to activate your child’s complimentary IDX services,” Friday’s letter to the affected families said. “We take your trust in us and this matter very seriously. Please accept our sincere apologies for any worry or inconvenience this may cause you.”