Timberline Billing Service, LLC, a company that provides Medicaid billing and reimbursement services to school districts in Iowa, is sending letters to students from several districts to notify them of “a privacy incident that may have involved some of their information”.

According to a press release from Iowa City Community School District’s Director of Community Relations Kristin Pedersen, on Sept. 2, Timberline notified the Iowa City district of the data security incident. 

Between Feb. 12, and March 4, an unknown actor accessed Timberline’s network, encrypted certain files, and removed certain information from the network. Some of the files Timberline determined could have been accessed in the breach contained information about Iowa City school students, the release said.“Because Timberline’s investigation was unable to determine what information was actually removed, Timberline reviewed all files that could have been accessed by the unknown actor,” Pedersen said in the release. “Timberline’s review determined that the files contained information for some current and former students of the District, including names, dates of birth, Medicaid identification number and related billing information. In very limited instances, a student’s Social Security number was also included in the files.”

Timberline is not aware of any misuse of this data, the press release said. The company is offering complimentary credit monitoring and identity protection services to affected students. It also established a call center for parents and students with questions about the incident.