Hillsborough County Public Schools, a school district in Florida, recently experienced a cybersecurity breach that exposed personal information of over 250 students. After conducting a forensic review, it was determined that an administrative file from the 2021-2022 academic year, which contained details of 254 students, was accessed without authorization. This file may have included sensitive information such as the students’ names, dates of birth, district student IDs, State IDs (which could be linked to their social security numbers), and school nurse visit information from that year.
To address this breach, the district has promptly communicated the situation to parents, providing them with information about the accessed details. In addition, the school district is offering complimentary identity protection services to affected students for a duration of one year. The district assures that their monitoring systems successfully prevented widespread disruption, as they took several network-connected systems offline as a precautionary measure. Subsequently, the Information Technology Services division, together with external experts and consultants, worked diligently over the weekend to restore full functionality and gather more data for further investigation.
Although the forensic investigation is ongoing, the district currently has no indication that any unauthorized access occurred in their student information system. However, efforts are underway to ascertain more about the incident and identify the extent of data accessed from HCPS systems. The district remains committed to addressing the breach, ensuring the security of their systems, and safeguarding the privacy of their students’ information.