Here’s more proof that even low-profile organizations are at risk for hacking. A Northwest Florida university revealed yesterday that the school’s servers had been hacked, revealing personally identifiable information for up to 300,000 students and employees, already resulting in identity theft.
According to CBS Miami, Northwest Florida State College’s database of students was tapped and watched for nearly four months. Hackers silently and slowly siphoned off sensitive information such as social security numbers, birthdays, names, and more. Specifically for employees of the university, direct deposit banking information was stolen alongside bank account numbers. This also included 200,000 profiles of “Bright Futures” students, a Florida-based scholarship program powered by the Florida Lottery.
The university released a statement saying the breach happened on May 21 through September 24. It also says it is in the process of reaching out to all of the affected students. Indeed, 50 people are already reporting issues with identity theft.
“If data is not protected, it’s going to be breached at some point,” said Mark Bower, vice president at Voltage Security, in an email. “Organizations can’t stop breaches by building walls around their IT systems, it has to be about the data. Make a breach useless and unattractive to even determined attackers by making the data they seek useless to them.”