The president of Northwest Florida State College said Thursday he believes the school has managed to contain the size of a massive security breach, but more than 300,000 records that were stolen could still be used to commit identity theft.
“We have finished going through all the files that could have been breached,” said college president Ty Handy. “I do not expect the number [of compromised records] to get any larger.”
But Handy said that the identity thieves had used the information of 67 college employees to get bank loans and open up credit cards, and that the number of victims could rise.
“We’ve contained it, but what’s been accessed has been accessed,” he said. “We’re not going to get it back.”
The college announced Wednesday that computer hackers had accessed records of thousands of students who were eligible for the Florida’s Bright Futures scholarship (candidates in 2005-06 and 2006-07), and 76,500 current and past students at the Niceville college. About 3,000 school employees also had their data breached.
The Bright Futures program grants scholarships to students at public colleges and universities in the state based on academic merit.
The compromised information — accessed between May and September — included names, Social Security numbers, bank routing numbers, dates of birth, ethnicity and gender.
Handy said his office was working closely with law enforcement to track down the hackers and that he heard that Secret Service and the U.S. Treasury Department were getting involved.
Handy himself was among the employees victimized, the school said.
"We know that from May 21, 2012, until Sept. 24, 2012, one or more hackers accessed one folder on our main server. This folder had multiple files on it. No one file had a complete set of personal information regarding individuals," Handy said in a statement. "However, by working between files, the hacker(s) have been able to piece together enough information to be able to engage in identity theft for at least 50 employees."
Handy said officials believe the breach was a coordinated attack by one or a group of hackers. After pulling together information from separate files, the hackers have already taken out personal loans that debit bank accounts through PayDayMax Inc. and Discount Advance Loans. They have also applied for and used Home Depot credit cards.
The college has set up a website, www.nwfsc.edu/security, to help the affected students and employees. The site allows users to file a complaint with the Okaloosa County Sheriff’s Office if an identity has been stolen. It includes links to the Federal Trade Commission as well as contacts at the college for students dealing with identity theft.
The school does not expect another breach, Handy said.
"The integrity of the NWFSC system has been restored and there is no indication of any additional instances of compromise of personal information," the release said.
Tampa Bay Times staff writer Robbyn Mitchell and the Associated Press contributed to this report.