Northwest Florida State College Says Clever Attackers Were Successful in Data Breach

Professional, coordinated attackers with a plan breached a server maintained by Northwest Florida State College (NWFSC), walked off with nearly 300,000 records, and have used the information to commit at least 50 acts of identity theft, the school’s president said.

NWFSC officials reported on Monday that between May and September of this year, a server containing records on some 3,200 employees was breached. Notification via all-campus email was initiated, and the staffers were told to watch for unusual patterns on their credit reports.

On Wednesday, the school updated the initial report after further investigation to include the fact that data on 76,500 current and past students, as well as 200,000 Bright Future scholars across the entire state of Florida were impacted. The investigation is ongoing, with both an external expert consultant and a cybercrime investigator from the Okaloosa County Sheriff’s Office involved. NWFSC is also working with the Division of Florida Colleges in the Department of Education to notify all students impacted by the data breach.

“The integrity of the NWFSC system has been restored and there is no indication of any additional instances of compromise of personal information,” said Dr. Ty Handy, college president.

The lack of further incident is good news, to be certain, but Dr. Handy’s memo to the school’s staff on the incident is both disturbing and eye-opening from an information security perspective. If anything, it can serve as a nightmare scenario for organizations on data protection.

According to the investigation details in the memo, between May 21 and September 24 of this year, the attackers targeted a single folder on the main NWFSC server. The folder housed several files containing personal information, but no single file had a complete set of information.

“However, by working between files, the hacker(s) have been able to piece together enough information to be able to engage in the theft of identity of at least 50 employees…by working between files, data regarding Name, Social Security Number, Date of Birth, and Direct Deposit Account numbers were accessed. Additional directory information such as address, phone numbers, college email address, etc. was also likely compromised.”

With the collected data, the attackers have used PayDayMax, Inc., as well as Discount Advance Loans (iGotit.com, Inc.), to take out loans and have them repaid from the employee’s bank account. Both pay-day loan services are located in Canada and linked to several cease and desist actions from various states, as well as consumer complaints for overcharging on fees and interest. In addition, the stolen data has been used to apply for Home Depot credit cards under the employee’s name.

“We speculate that this was a professional, coordinated attack by one or more hackers,” the memo from Dr. Handy said. 

NWFSC has also speculated that vendors (fewer than 40) that the school has paid by electronic funds transfer are also at risk, but it has no proof one way or the other. At this point, the school is not willing to rule it out.

“The access pathway used to invade our main server has been sealed. We hope to know, by the end of this week precisely who had their information compromised. We will not wait 45 days to provide individual contact regarding this, instead we will notify individuals as soon as we can,” Dr. Handy added.

“I regret that this situation has occurred. It is most unfortunate,” he continued. “I applaud the quick response and hard work of the IT department to identify and close the access point and for their ongoing efforts to ferret out what and who was compromised once they became aware of the infiltration. I recognize that this is a significant hassle for those whose information is used to commit Identity Theft. I was one of the first seven or eight to be hit personally and I have spent several hours on the phone working with my bank and others to protect myself. It is not an enjoyable experience and for that I apologize.”
