On July 26, 2023, Hillsborough County filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that a data breach involving the MOVEit file transfer tool put the personal information of residents at risk. In this notice, Hillsborough County explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their first and last names, Social Security numbers, dates of birth, home addresses, medical conditions and diagnoses, and disability codes. Upon completing its investigation, Hillsborough County began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Hillsborough County, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the MOVEit / Hillsborough County data breach. For more information, please see our recent piece on the topic here.

What Caused the Hillsborough County MOVEit Breach?

The Hillsborough County data breach was only recently announced, and more information is expected in the near future. However, Hillsborough County’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. Hillsborough County also posted notice of the incident on its website.

According to these sources, on June 1, 2023, Hillsborough County was informed that a file transfer application used by the County, called MOVEit, of a global data breach. In response, Hillsborough County Cyber Security worked with the company that created MOVEit to install all necessary patches to eliminate future unauthorized access.

However, on June 18, 2023, Hillsborough County Cyber Security determined that some files belonging to Hillsborough County may have been affected by the breach. Subsequently, Hillsborough County determined that these files contained confidential information belonging to certain residents and vendors.

After learning that sensitive consumer data was accessible to an unauthorized party, Hillsborough County reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your first and last name, Social Security number, date of birth, home address, medical conditions and diagnoses, and disability codes.

On July 26, 2023, Hillsborough County sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

Notably, Hillsborough County files were not specifically targeted in the cyberattack. However, information that was in the possession of Hillsborough County was affected because the County was a MOVEit customer.