Another Texas school district has disclosed that it was the victim of a cyberattack.
Tuloso Midway Independent School District in Nueces County, Texas, has slightly under 3,900 students. A notice posted on their website yesterday explained that on March 16, 2022, one employee’s email account was accessed without authorization. The statement does not reveal when the district first discovered the incident or how it was discovered.
On October 25, investigators confirmed that the account contained some personal information. The notice did not reveal how many individuals may have had their personal information exposed. The district stated they could not confirm the use or disclosure of any data, only that it was potentially exposed.
The potentially exposed data included individuals’ names and driver’s license numbers. No mention was made of any student data being potentially exposed.
The district’s notice can be found on its website.
A report the district filed with the state attorney general’s office today creates a somewhat different impression of the incident. According to the state’s public breach listing, the Tuloso Midway ISD incident potentially affected 2,311 Texas residents and involved the following types of data elements:
Name of individual; Social Security Number Information; Driver’s License number; Government-issued ID number (e.g. passport, state ID card); Financial Information (e.g. account number, credit or debit card number); Medical Information; Health Insurance Information; Other
If those data types were potentially exposed, those affected may want to seriously consider putting a security freeze on their credit report and asking the district to provide them with some identity theft monitoring and restoration services.