POLK COUNTY, Fla. (WFLA) – Parents want answers after finding out their children’s information may have been exposed in a Dec. 2019 data breach linked to Polk County Public Schools.

Potentially exposed information includes student names, ID numbers, birthdates, and in a subset of cases, social security numbers, according to PCS Revenue Control Systems, Inc.

“You’re talking having my child’s – what information, I don’t know exactly. They’re not giving full details of potentially what was on that system,” said Kevin Sapp, a parent who lives in Bartow.

Sapp was surprised to receive a letter in the mail from PCS Revenue Control Systems this week.

Then he saw a follow-up post from Polk County Public Schools. The school district confirmed the letter is legitimate.

It previously worked with PCS Revenue Control Systems to collect information from parents who applied for free or reduced-priced meals.

“Polk County Public Schools is asking for more information from the company on this situation, including how many students might have had their data exposed during this breach,” the press release reads.

Polk County Public Schools was not able to provide anyone for an interview with 8 On Your Side Wednesday.

In December 2019, PCS identified unauthorized access to a server that included files and records related to certain school lunch and meal program, according to the company.

An email account was also improperly accessed, the company said.

Many parents are expressing confusion online.

They received letters even though their children weren’t in the school district at the time of the breach or their children have long since graduated.

Sapp tells 8 On Your Side he never applied for free or reduced-priced lunch.

“It’s not just me. There are several reporting, ‘Hey, I didn’t apply for this. Why is my child being used for this particular information?’” he asked.

Students at Hernando County Schools are also affected by the potential breach.

The district used PCS for school meal payments and food service software until the end of the 2017-2018 school year, the superintendent said.

Hernando Schools provided the company with the last four digits of students’ social security numbers.

“You may not be aware but all companies that collect personal information from customers are required by law to maintain records for six years. That is why PCS notified families that had students enrolled in our schools between 2015 and 2018 when we ended our contract with them,” said superintendent John Stratton in a video message to parents.

Families are being offered one year of identity theft monitoring free of charge from Kroll, a risk management and response company.

They have until June 15 to sign up.

“Because the larger companies are getting their arms around security, it’s harder for them to infiltrate those infrastructures so they’re working their way down the supply chain and picking on the little guys,” said Ronald Frechette, CEO of GoldSky Security.

Frechette said children’s information is so valuable to cyber criminals because it’s fresh.

“That social security number has never been run to get credit or to do whatever so this is fresh data that they can use to go out and try to get loans and do all kinds of stuff,” said Frechette.