Return to Headlines

Notice to Our Students of Timberline Data Security Incident

Iowa City Community School District (the “District”) is committed to protecting the security and privacy of our students’ information. Regrettably, we recently learned of an incident that occurred at one of our vendors, Timberline Billing Services, Inc. (“Timberline”), that involved some the District’s information.  

Timberline provides Medicaid billing and reimbursement services to the District. On September 2, 2020, Timberline informed us that an unknown actor accessed its network between February 12, 2020 and March 4, 2020, encrypted certain files, and removed certain information from its network. Timberline immediately began an investigation to determine what information was involved. This incident did not involve any access to our internal systems or student records.

Because Timberline’s investigation was unable to determine what information was actually removed, Timberline reviewed all files that could have been accessed by the unknown actor. Timberline’s review determined that the files contained some of our current and former students’ information, including names, dates of birth, Medicaid identification number and related billing information. In very limited instances, a student’s Social Security number was also included in the files.

Timberline is not aware of any misuse of the data as a result of this incident. However, in an abundance of caution, Timberline is offering affected students complimentary credit monitoring and identity protection services. On October 20, 2020, Timberline began mailing letters to the affected students. Timberline has also established a dedicated, toll-free call center to answer questions that parents or students may have about the incident. If you have questions, please call (844) 439-7669, Monday through Friday, between 8:00 a.m. and 10:00 p.m. Central Time.  

We want our parents and students to know that we are taking this matter very seriously. We value the trust you have placed in us and regret any concern this incident may cause. To help prevent something like this from happening again, Timberline assured the District that it is taking steps to enhance the security of its systems, including upgrading all servers and firewalls, resetting all user passwords, requiring frequent password rotations, and migrating school and student data to a cloud location.