Confidential information for about 126,000 students and employees at six community colleges in Florida were publicly available on the Internet for five days, a state library service center announced Tuesday.
A spokeswoman for the College Center for Library Automation wouldn't identify the specific information exposed, other than to say it was protected by a Florida statute and did not include financial information or library records. That means the information may include student names, Social Security numbers and drivers' license or Florida information card numbers, which are also protected under state law.
The information was available from May 29 to June 2, and officials from the library agency said they believe unauthorized people viewed it. But there is no evidence the data has been misused, said spokeswoman Lauren Sproull.
Still, the agency is sending letters to those affected, recommending they place a fraud alert on their credit files to minimize the risk of identity theft.
About 24,000 students at Broward College in Fort Lauderdale, Fla., may be affected, spokeswoman Rivka Spiro said. She said the students exposed were ones enrolled in summer term. No Broward College employees were affected, Spiro said.
Employees and students were affected at Florida State College at Jacksonville, Northwest Florida State College, Pensacola State College, South Florida Community College and Tallahassee Community College.
The library agency, which provides automated services and electronic resources to Florida's public colleges, determined the breach happened as a result of a software upgrade. Sproull wouldn't say which software caused the problem. The six colleges were affected because their borrower records were contained in temporary work files that were being processed at the time of exposure, officials said.
The Tallahassee-based library agency learned of the breach June 23, after a student reported finding personal information through a Google search. The agency has been investigating since then. The case has also been turned over to the Leon County Sheriff's Office.
"We pride ourselves on protecting private information and deeply regret this inadvertent exposure. I apologize to those involved for any worry or inconvenience this may cause them," said Richard Madaus, CEO of the College Center for Library Automation. "As evidenced by our quick response to this incident, CCLA takes the security of personal data very seriously. We will continue to enhance our technology to safeguard all of the information entrusted to us."
Explore further: Breaches emphasize need for scanning, encryption