August 10, 2010 – Tallahassee, FL - The College Center for Library Automation (CCLA), which provides automated library services and electronic resources to Florida’s public colleges, today began informing students, faculty, and staff of six colleges that some of their personal information was inadvertently open to online access between May 29 and June 2, 2010.Importantly, while there is evidence of either viewing by unauthorized persons or search engine posting of some of the personal information, CCLA has found no indication that the data has actually been obtained or misused.
The temporarily exposed personal information, as defined by Section 817.5681(5)(a)-(c), Florida Statutes, belongs to perhaps as many as 126,000 individuals at six colleges. CCLA is notifying the potentially affected individuals in writing, recommending that they place a fraud alert on their credit files to minimize the risk of identity theft, and providing instructions on placing the alert. CCLA’s instructions also include information on reporting any suspected fraudulent activity.
The institutions affected are Broward College, Florida State College at Jacksonville, Northwest Florida State College, Pensacola State College, South Florida Community College, and Tallahassee Community College. The records of these institutions were contained in temporary work files that were being processed by CCLA at the time of exposure.
“We pride ourselves on protecting private information and deeply regret this inadvertent exposure. I apologize to those involved for any worry or inconvenience this may cause them,” said CCLA’s Chief Executive Officer Richard Madaus. “As evidenced by our quick response to this incident, CCLA takes the security of personal data very seriously. We will continue to enhance our technology to safeguard all of the information entrusted to us.”
CCLA has determined that the installation of a software upgrade left the personal data unintentionally accessible for five days. CCLA first learned of the error on June 23, 2010, notified leaders of the colleges affected, initiated a security investigation, and began working with the Leon County Sheriff’s Office Financial Crimes Unit. Investigators discovered that some personal information had been accessed by unauthorized persons and that some was available through Google until the search engine was notified. All online access to the sensitive information was removed within 18 hours or less of discovery.
Copies of today’s e-mail to affected individuals (including fraud alert instructions) as well as answers to frequently asked questions are posted at www.cclaflorida.org/security.
Established in 1989, CCLA operates Florida’s Library Information Network for Cooperative Content (LINCC) and associated web-based information portal, LINCCWeb. CCLA is a cooperative effort between the Florida Department of Education’s Division of Florida Colleges and the College Council of Presidents.