A massive security breach at Northwest Florida State College has affected 300,000 records in the school's computer systems, including information on about 200,000 students statewide who were once eligible for Bright Futures scholarships, the school said Wednesday.
The compromised information contained the names and Social Security and bank routing numbers of students, teachers, staff and retirees.
Hackers also stole 200,000 records of people who may never have attended or set foot on the Niceville campus in Okaloosa County. The names, Social Security numbers and dates of birth for students statewide who were Bright Futures scholarship candidates in 2005-06 and 2006-07 also were taken, the school said.
The Bright Futures program grants scholarships to public colleges and universities in the state based on academic merit.
Among the other files taken by the hackers: some 76,000 student records containing personal information and more than 3,000 employee records, including some that contained confidential financial information. Among the employees, about 50 have reported having their identity stolen or funds taken from bank accounts used for direct deposit.
The breach occurred sometime between late May and late September. The school notified the public on Monday. It was discovered during an internal review from Oct. 1 through Oct. 5.
The school's president, Ty Handy, was among the employees victimized, the school said.
"We know that from May 21, 2012, until Sept. 24, 2012, one or more hackers accessed one folder on our main server. This folder had multiple files on it. No one file had a complete set of personal information regarding individuals," Handy said in a statement. "However, by working between files, the hacker(s) have been able to piece together enough information to be able to engage in identity theft for at least 50 employees."
Handy said officials believe the breach was a coordinated attack by one or a group of hackers. After pulling together information from separate files, the hackers have already taken out personal loans that debit bank accounts through PayDayMax, Inc. and Discount Advance Loans. They have also applied for and used Home Depot credit cards.
Florida College System chancellor Randy Hanna said that local, state and federal agencies are investigating the security breach at the school, which has 16,931 students.
The college has set up a website, www.nwfsc.edu/security, to help the affected students and employees. The site allows users to file a complaint with the Okaloosa County Sheriff's Office if an identity has been stolen. It includes links to the Federal Trade Commission as well as contacts at the college for students dealing with identity theft.
The school does not expect another breach, Handy said.
"The integrity of the NWFSC system has been restored and there is no indication of any additional instances of compromise of personal information," the release said.
Information from the Associated Press was used in this report.