Students at six Florida community colleges this week are learning a harsh lesson about data security after school officials began notifying them that their personal information was inadvertently exposed in late May and early June during what was supposed to be a routine software upgrade.

Community college officials said more than 126,000 students attending Broward College, Florida State College at Jacksonville, Northwest Florida State College, Pensacola State College, South Florida Community College and Tallahassee Community College were the innocent victims of a botched software upgrade by the College Center for Library Automation (CCLA).

While the exact type of information exposed was not disclosed, Florida state law requires companies and organizations to notify victims whenever data, such as names, social security numbers or driver's license numbers are compromised.


CCLA officials said the information was available online from May 29 to June 2. The community colleges were affected because their borrower records were contained in temporary work files that were being processed at the time the breach occurred. CCLA blamed a "software glitch" for the accidental exposure of the students' data.

The library agency learned of the incident on June 23, after a student reported finding personal information through a Google search.

"We pride ourselves on protecting private information and deeply regret this inadvertent exposure," CCLA CEO Richard Madaus told the South Florida Sun-Sentinel. "I apologize to those involved for any worry or inconvenience this may cause them. We will continue to enhance our technology to safeguard all of the information entrusted to us."

CCLA acknowledged that the information was viewed by unauthorized individuals but, thus far, it doesn't appear that any of the students' data has been misused.

This marks the second significant data breach at Florida-based colleges and universities in a little over a month.

In late June, Florida International University officials broke the bad news to 19,000-plus students that an unsecured database was breached at its College of Education, giving prying eyes an opportunity to view names, social security numbers and other personal information.

Similar incidents have plagued scores of colleges and universities from Hawaii to Maine in the past year.

Along with sending out the state law-mandated notification letters, CCLA has initiated an internal investigation and review of its data security protocol and turned over information to the Broward County Sheriff's Department for further investigation.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Keep up with data breach news; follow eSecurityPlanet on Twitter @eSecurityP.