NICEVILLE — The personal information of at least 50 Northwest Florida State College employees, and perhaps students and vendors, was compromised in an apparent hacking incident.
College officials announced the online security breach Monday afternoon after conducting a week-long investigation following reports from five employees about issues with their bank accounts.
“The integrity of the NWFSC system has been restored and there is no indication of any additional instances of compromise of personal information,” NWFSC President Ty Handy stated in a news release. “An investigation is ongoing on the full nature and scope of the breach.”
Right now, officials believe a folder on the main server containing information about 3,201 current and retired employees since 2002 was compromised. A variety of information was taken from it, including the names, birthdates, Direct Deposit routing and account information and Social Security numbers, the release stated.
Additional information such as addresses and phone numbers might have also been taken, Handy said.
The college has not found any evidence that student or vendor information was taken, but officials are alerting everyone as a precaution since that information was also available in the accessed folder, Handy said.
If student data was taken it might include information such as phone numbers, addresses, birth dates and Social Security numbers.
Forty or less vendors that the college does online transfers and bill payments with might have had bank account information taken also, but nothing had been reported as of Monday.
“We speculate that this was a professional, coordinated attack by one or more hackers,” Handy said. “We believe that the hackers are having to do specific work to pull together enough information about an individual employee to steal their identity.”
The incident occurred between May 21 and Sept. 24.
To date, about 50 employees, including Handy, have reported issues related to identity theft including unauthorized bank withdrawals and credit cards.
An investigator from the Okaloosa County Sheriff’s Office cybercrime unit has been assigned to the case and further information will be made available as officials learn more, the news release stated.
The college is in the process of setting up a website that will include the most up-to-date information on the issue. It is expected by the end of the week.
Formal notices will be sent out to people who might have had information on the folder accessed as soon as possible.
“We hope, by the end of this week to know precisely which persons had their information compromised,” Handy said.
Employees, students or vendors who suspect identity theft because of this incident are being asked to file an affidavit with the sheriff’s office.