Northwest Florida State College has announced that a recent data breach has affected a total of 279,000 students and employees. The exposed data includes names, addresses, birth dates and Social Security numbers.
"The breach occurred sometime between late May and late September," writes The Tampa Bay Times' Robbyn Mitchell. "The school notified the public on Monday. It was discovered during an internal review from Oct. 1 through Oct. 5."
"The breach was first thought to have been isolated to employees at Northwest Florida State College but may involve student records from across the state, education officials said," writes CNET News' Steven Musil. "More than 200,000 records were stolen in the breach, including the names, birth dates, and Social Security numbers of any student who was eligible for Florida's Bright Futures scholarships from 2005 to 2007."
"At least 50 employees were hit by identity thefts as a result of the breach, college president Ty Handy said in a memo to employees on Monday," writes ITworld's John Ribeiro. "Hackers accessed one folder with multiple files on the main server, and were able to piece together the information required for the identity theft by working between files, although no one file had a complete set of personal information regarding individuals, he said."
"Those employees' identities were used to obtain 'pay-day' loans from PayDayMax, Inc. and Discount Advance Loans, as well as to obtain Home Depot credit cards," writes Ars Technica's Sean Gallagher. "The loans were set up for payments to be automatically deducted from the victims' bank accounts. The college is still investigating which students' records were exposed."
"State law allows organizations a 45-day window to alert victims, but Handy said campus officials decided to notify everyone well ahead of that deadline," writes Threatpost's Anne Saita. "Because of the size of the breach, local police have teamed with state and federal cybercrime experts to investigate."