Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Data Breach Leads to Identity Theft at North West Florida State College

    By
    Brian Prince
    -
    October 14, 2012
    Share
    Facebook
    Twitter
    Linkedin

      A data breach has turned scores of Northwest Florida State College (NWFSC) employees into victims of identity theft in the aftermath of a massive data breach affecting nearly 300,000 people, including current and former students.

      The employee data was breached between May 21 and Sept. 24 after one or more hackers accessed a folder on the school’s main server. According to school officials, an internal review between Oct. 1 and Oct. 5 revealed that 76,000 current and former students of Northwest Florida State College (NWFSC) had their personal information exposed in the breach, as did approximately 200,000 students from Florida who were eligible for the Bright Futures scholarships for the 2005-2006 and 2006-2007 school years.

      In addition, more than 3,000 current and retired employees had their information exposed as well, making the breach one of the more extensive security incidents affecting a college in recent memory.

      ThreatMetrix, an IT security vendor focused on fraud-prevention tools, recently ranked the highest-risk universities in the country based on the number of risky online transactions either held for manual review or rejected by university networks. Among the leaders on the list were New York University (NYU), George Mason University and Harvard University. According to the firm, NYU is ranked No. 1 because when the transactions collected by ThreatMetrix were reviewed, they originated from 14 different time zones.

      Since these transactions are all either from servers on the university’s networks or students connecting to the networks, uncompromised transactions should all originate from one time zone. This means the transactions from other time zones indicate the use of either a proxy or VPN provider or a compromised network, the company explained.

      “Many of the top 50 were some of the leading universities in the U.S. which reflects the fact that their students, staff and administration services such as payroll are going to be high value targets for international criminals,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “In addition 14 of the top 50 universities were recently breached by GhostShell which suggests that a large number will be shown to have compromised servers over the coming weeks. Once one criminal finds a hole, a river of crime quickly flows through.”

      In the case of the NWFSC, the exposed information includes names, social security numbers and birthdays. According to the college, the personal information exposed also includes the direct deposit bank routing and account number information of employees. As of Oct. 8, 50 employees had reported issues with identity theft, including the college president.

      “We provided information to employees as soon as we had an indication that there was an issue–when we initially had reports from five employees that their direct deposit accounts had been unlawfully accessed,” said Dr. Ty Handy, college president, in a statement. “We needed employees to take immediate steps to individually review and protect their personal data. As they did, more employees began to report issues once they reviewed their information.”

      “We know that from May 21, 2012 until Sept. 24, 2012 one or more hackers accessed one folder on our main server,” Handy said. “This folder had multiple files on it. No one file had a complete set of personal information regarding individuals. However, by working between files, the hacker(s) have been able to piece together enough information to be able to engage in identity theft for at least 50 employees.”

      Police have been contacted about the NWFSC incident.

      “The vast majority of attacks against universities are opportunistic in nature (rather than highly targeted against a particular school or system), and exploit simple vulnerabilities,” explained Josh Shaul, CTO of Application Security. “Most commonly, we see SQL injection as the attack vector, which is a technique that attackers have been using with great success for at least a decade now. Universities are clearly under attack, but rarely have the budget to spend to completely defend themselves.”

      Brian Prince

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×