X

Thousands of student records stolen in Florida college breach

Confidential information of nearly 300,000 students, faculty, and employees is accessed in hack, education officials warn.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
See full bio
Steven Musil
2 min read

Hackers have accessed the confidential information of nearly 300,000 students, employees, and faculty in a massive security breach at a Florida college, officials said today.

The breach was first thought to have been isolated to employees at Northwest Florida State College but may involve student records from across the state, education officials said. More than 200,000 records were stolen in the breach, including the names, birth dates, and Social Security numbers of any student who was eligible for Florida's Bright Futures scholarships from 2005 to 2007.

"We speculate this was a professional, coordinated attack by one or more hackers," Northwest Florida State College President Ty Handy said in a memo (PDF) sent to employees Monday. "We believe that the hackers are having to do specific work to pull together enough information about an individual employee to steal their identity."

More than 3,000 employee records and 76,000 student records containing personal identification information were also stolen, officials said.

"We want to be sure that we fully understand the situation and provide accurate information to those impacted," Florida College System Chancellor Randy Hanna said in a statement. "While some of the contact information is dated, we will be trying to reach every student whose records may have been captured."

Federal authorities have joined the investigation into the breach, which officials estimate occurred between late May and late September. At least 50 employees have suffered identity theft as a result of the breach, including the college president, Handy said.

Because identity theft has occurred, the breach appears unrelated to a massive series of breaches that occurred recently at dozens of universities around the world. A group calling itself GhostShell posted 120,000 records from breached servers at Harvard, Stanford, Cornell, and Princeton. However, rather than being motivated by pranksterism or a desire to steal identities, GhostShell said the goal of its data dump was to focus public attention on the state of higher education.