A United States school district has issued a warning to 50,000 students and workers that their data may have been hacked after a ransomware attack. During a cyber-attack between November 2020 – March 2021, the Broward County School District in Florida confirmed that cybercriminals might have acquired personal information.
The district had earlier kept the incident’s specifics under wraps, claiming that no data had been compromised. However, the university mentioned previously this week (November 29) that the illegal access may have included sensitive information belonging to some academics, staff, and students.
According to a letter from the school district, “an unauthorized person obtained access to BCPS systems between November 12, 2020, and March 6, 2021.” It further states that the inquiry discovered some documents held on the district’s systems had been accessed and made public on April 19, 2021.
On June 8, 2021, it was found that the cybercriminals had published data, including information such as people’s identities and Social Security numbers. Further investigation on June 29, 2021, revealed that the data accessed might contain information about self-insured health plans:
“On April 19, 2021, the investigation revealed certain records stored on the District’s systems had been acquired and publicly released. On June 8, 2021, it was determined that the records released by the cyber criminals included information that included individuals’ names and Social Security numbers. On June 29, 2021, further analysis indicated that the data accessed may include information relating to our self-insured health plan, including individuals’ names, dates of birth, Social Security numbers, and benefits selection information.”
Those impacted by the incident have been notified, and free credit monitoring services have been given. These people should be on the lookout for any unlawful behavior by monitoring account statements, explanation of benefits statements, health provider bills, and free credit reports. More information and recommendations on safeguarding against fraud following a data breach may be found in the letter.