Cyber Incident Victim: PCS Revenue Control Systems, Inc.

On December 19, 2019, PCS Revenue Control Systems, Inc. identified unauthorized access to a server previously owned by Advanced Business Technologies (ABT), a company PCS had acquired in 2016. The compromised server contained files and records related to school lunch and meal programs administered by PCS for educational institutions. The breach exposed sensitive student information, including names, student identification numbers, and dates of birth. Polk County School District in Florida was among the affected entities, though the full scope of impacted school districts remains unspecified in available disclosures. PCS did not publicly disclose the exact method of unauthorized access or whether data was exfiltrated versus merely accessed. The incident remained undisclosed to the public until March 2021 when Polk County Schools began notifying affected families through letters sent by PCS.

The delayed notification occurred over 15 months after breach discovery, with PCS attributing the incident to ABT's legacy infrastructure. Impacted individuals received offers for free identity monitoring services through the notification letters. Polk County Schools validated the legitimacy of these communications via their social media channels, advising recipients to preserve the notices for enrollment instructions. PCS submitted a breach notification to the California Attorney General’s Office, confirming the event's association with meal program records but providing no additional technical details about the attack vector or remediation steps taken. The breach exclusively compromised demographic identifiers without involving financial, health, or academic records based on disclosed information. No further public updates regarding investigations, regulatory actions, or long-term corrective measures by PCS were documented in the available source material.