Thousands of student records stolen in Florida college breach
Confidential information of nearly 300,000 students, faculty, and employees is accessed in hack, education officials warn.
Hackers have accessed the confidential information of nearly 300,000 students, employees, and faculty in a massive security breach at a Florida college, officials said today.
The breach was first thought to have been isolated to employees at Northwest Florida State College but may involve student records from across the state, education officials said. More than 200,000 records were stolen in the breach, including the names, birth dates, and Social Security numbers of any student who was eligible for Florida's Bright Futures scholarships from 2005 to 2007.
"We speculate this was a professional, coordinated attack by one or more hackers," Northwest Florida State College President Ty Handy said in a memo (PDF) sent to employees Monday. "We believe that the hackers are having to do specific work to pull together enough information about an individual employee to steal their identity."
More than 3,000 employee records and 76,000 student records containing personal identification information were also stolen, officials said.
"We want to be sure that we fully understand the situation and provide accurate information to those impacted," Florida College System Chancellor Randy Hanna said in a statement. "While some of the contact information is dated, we will be trying to reach every student whose records may have been captured."
Federal authorities have joined the investigation into the breach, which officials estimate occurred between late May and late September. At least 50 employees have suffered identity theft as a result of the breach, including the college president, Handy said.
Because identity theft has occurred, the breach appears unrelated to a massive series of breaches that occurred recently at dozens of universities around the world. A group calling itself GhostShell posted 120,000 records from breached servers at Harvard, Stanford, Cornell, and Princeton. However, rather than being motivated by pranksterism or a desire to steal identities, GhostShell said the goal of its data dump was to focus public attention on the state of higher education.