Cyber Incident Victim: Pace Center for Girls

Unauthorized individuals accessed certain infrastructure systems at Pace Center for Girls, a Jacksonville, Florida-based education program serving at-risk adolescent girls, during an incident detected in the week of December 13, 2021. The organization's subsequent investigation confirmed in January 2021 that attackers had gained access to portions of its IT infrastructure containing sensitive student information. While the exact intrusion timeline wasn't disclosed, the breach exposed personal data of current and former students including full names, physical addresses, telephone numbers, dates of birth, and Florida Department of Juvenile Justice identification numbers. Educational records including enrollment data and behavioral health information were also compromised, along with parent/guardian names. The organization did not specify whether data exfiltration occurred or identify the intrusion method used by the attackers.

In response to the security breach, Pace Center for Girls engaged a third-party cybersecurity firm to assist with network remediation and security enhancements. The organization implemented measures to secure both network access and physical computer systems while conducting assessments of existing data protection controls and gateway security infrastructure. Officials committed to implementing additional security measures as needed to prevent future unauthorized access. The incident potentially affected up to 18,300 individuals, whom the organization advised to place fraud alerts with major credit bureaus Experian, Equifax, and TransUnion. Pace Center for Girls reported the breach to the U.S. Department of Health and Human Services Office for Civil Rights, though no evidence of actual or attempted misuse of compromised data had been identified at the time of notification.