Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Northwest Florida State College Says Clever Attackers Were Successful in Data Breach

Professional, coordinated attackers with a plan, breached a server maintained by Northwest Florida State College (NWFSC) and walked off with nearly 300,000 records, and have used the information to commit at least 50 acts of identity theft, the school’s president said.

Professional, coordinated attackers with a plan, breached a server maintained by Northwest Florida State College (NWFSC) and walked off with nearly 300,000 records, and have used the information to commit at least 50 acts of identity theft, the school’s president said.

NWFSC officials reported on Monday that between May and September of this year, a server containing records on some 3,200 employees was breached. Notification using all campus email was initiated, and the staffers were told to watch for unusual patterns on their credit report.

On Wednesday, the school updated the initial report after further investigation to include the fact that data on 76,500 current and past students, as well as 200,000 Bright Future scholars across the entire state of Florida were impacted. The investigation is ongoing, with both an external expert consultant and a cybercrime investigator from the Okaloosa County Sheriff’s Office involved. NWFSC is also working with the Division of Florida Colleges in the Department of Education to notify all students impacted by the data breach.

“The integrity of the NWFSC system has been restored and there is no indication of any additional instances of compromise of personal information,” said Dr. Ty Handy, college president.

The lack of further incident is good news to be certain, but Dr. Handy’s memo to the school’s staff on the incident is both disturbing and eye opening from an Information Security perspective. If anything, it can serve as a nightmare scenario for organizations on data protection.

According to the investigation details in the memo, between May 21 and September 24 of this year, the attackers targeted a single folder on the main NWFSC server. The folder housed several files on it with personal information, but no single file had a complete set of information.

“However, by working between files, the hacker(s) have been able to piece together enough information to be able to engage in the theft of identity of at least 50 employees…by working between files, data regarding Name, Social Security Number, Date of Birth, and Direct Deposit Account numbers were accessed. Additional directory information such as address, phone numbers, college email address, etc. was also likely compromised.”

With the collected data, the attackers have used PayDayMax, Inc., as well as Discount Advance Loans (iGotit.com, Inc.), to take out loans and have them repaid from the employee’s bank account. Both pay-day loan services are located in Canada and linked to several cease and desist actions from various states, as well as consumer complains for overcharging on fees and interest. In addition, the stolen data has been used to apply for Home Depot credit cards under the employee’s name.  

Advertisement. Scroll to continue reading.

“We speculate that this was a professional, coordinated attack by one or more hackers,” the memo from Dr. Handy said. 

NWFSC has also speculated that vendors (less than 40) with whom the school has used electronic funds transfers for bill payments are also at risk, but they have no proof to say one way or another. At this point, they are not willing to rule it out.

“The access pathway used to invade our main server has been sealed. We hope to know, by the end of this week precisely who had their information compromised. We will not wait 45 days to provide individual contact regarding this, instead we will notify individuals as soon as we can,” Dr. Handy added.

“I regret that this situation has occurred. It is most unfortunate,” he continued. “I applaud the quick response and hard work of the IT department to identify and close the access point and for their ongoing efforts to ferret out what and who was compromised once they became aware of the infiltration. I recognize that this is a significant hassle for those whose information is used to commit Identity Theft. I was one of the first seven or eight to be hit personally and I have spent several hours on the phone working with my bank and others to protect myself. It is not an enjoyable experience and for that I apologize.”

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.