Like many families, Derek Jones was spending the last few days of summer with his daughter Aniyah before she returned to the classroom.While he gets her ready to start her first day of first grade at Garfield Elementary, the Cedar Rapids School district said it had paid a third party to protect information that was accessed: Social Security numbers, bank account information, medical information, and other personal information.“Obviously, Social Security numbers and bank accounts shouldn’t be shared with anyone who doesn’t need it,” said Jones.According to the Iowa Attorney General’s Office, this cyberattack impacted about 9,000 people.In a letter to parents and staff, Superintendent Noreen Bush said:"Earlier this summer, we made you aware of a cyber security incident that was identified by CRCSD. Since this time, we have worked with our internal IT staff and third-party cyber security experts to help resolve this matter and to take steps to ensure something similar does not happen again.As part of the process to resolve this matter, CRCSD made payment to a third-party entity to ensure critical information that may have been accessed was not released. We made this decision after consulting closely with cyber security experts and legal counsel and determining it was in the best interest of our school community.We sincerely thank you for your patience and understanding as we work to resolve the matter and turn our focus to the start of the 2022-2023 school year. We look forward to the upcoming school year and appreciate all of the amazing staff, students, and families who will make it a great year." It isn’t clear who the district paid or how much the district paid.