Almost 280,000 to be notified of hack at Northwest Florida State College; ID theft reported
Jim Turner reports:
An information security breach has been reported involving employee and student records at Northwest Florida State College in Niceville.[…]
According to the state Department of Education, the breach included more than 3,000 employee records and approximately 76,000 Northwest College student records containing personal identification information; and approximately 200,000 records with information including names, Social Security numbers, dates of birth, ethnicity, and gender for students across the state who were eligible for Bright Futures scholarships for the 2005-06 and 2006-07 school years.
Read more on Sunshine State News.
The NWFSC student information compromised in the security breach contains public directory information including name and address, as well as confidential student data including birth date and Social Security number. The Bright Futures scholars’ data file includes all State of Florida Bright Futures eligible students during the 2005-06 and 2006- 07 academic years. This data file contains student names, Social Security numbers, dates of birth, ethnicity and gender. No student academic files have been compromised.
The college reports that the breach was discovered following an internal review conducted between October 1 – 5 after the college started receiving reports from employees of fraud. Even the college’s president became a victim.
In a memo to employee sent on October 8 via e-mail, the college informed them:
We know from May 21, 2012 until September 24, 2012 one or more hackers accessed one folder on our main server. This folder had multiple files on it. No one file had a complete set of personal information regarding individuals. However, by working between files, the hacker(s) have been able to piece together enough information to be able to engage in the theft of identity of at least 50 employees.
We know by working between files data regarding Name, Social Security Number, Date of Birth, and Direct Deposit Account numbers were accessed. Additional directory information such as address, phone numbers, college email address, etc. was also likely compromised.
We know three specific mechanisms have been used to engage in identity theft. The first is to use PayDayMax, Inc. as a conduit for taking out a personal loan which is repaid by debiting your bank account. The second is the same process using Discount Advance Loans. The third is to apply for a Home Depot Credit Card in an employee’s name and then use that card.
We know current employees and all retirees/past employees since 2002 that have had direct deposit of their pay have the potential to have had their information compromised.
The college says that the system has now been secured.
Kudos to the college for doing a terrific job of notifying employees promptly and issuing timely updates as they learn more.