Massive data breach at Florida college hits 279,000 students and employees

The Niceville, Fla.-based college originally said on its security page that a computer system breach compromised the personal information of some 3,200 current and retired college employees between May 21 and Sept. 24, including names, birth dates, employee direct deposit bank routing and account number information, and, worryingly, Social Security numbers. The attacks came from outside, it added.

But it quickly widened the scope, updating the victim totals to more than 3,000 employee records, about 76,000 Northwest College student records and another 200,000 for students across the state who were eligible for Bright Futures scholarships for the 2005–06 and 2006–07 school years. Those records contained names, Social Security numbers, dates of birth, ethnicity and gender.

College president Ty Handy said that the attacks appear to be professional and coordinated. Hackers accessed an umbrella folder with multiple files on the main server, and cross-referenced the documents to piece together complete informational pictures of the victims.

So far, at least 50 employees were hit by identity theft as a result of the breach. When it comes to the students, the college said that it is trying to reach every student whose records may have been captured," said Florida College System Chancellor Randy Hanna.

Local, state and federal agencies are investigating the incident, but the threat vector has been closed, administrators said. “I regret that this situation has occurred. It is most unfortunate,” Handy said. “I applaud the quick response and hard work of the IT department to identify and close the access point and for their ongoing efforts to ferret out what and who was compromised once they became aware of the infiltration. I recognize that this is a significant hassle for those whose information is used to commit identity theft. I was one of the first seven or eight to be hit personally and I have spent several hours on the phone working with my bank and others to protect myself. It is not an enjoyable experience and for that I apologize."

What’s hot on Infosecurity Magazine?