Personal information for as many as 300,000 people at Northwest Florida State College has been exposed by a data breach that lasted for at least four months. Victims run the gamut of people on campus, including students, prospective students, and current and retired employees. The breach has already lead to at least 50 cases of identity theft, resulting in loans and credit cards being issued in the names of school employees.

The data was stolen from a shared folder on the college's main file server, and it contained social security numbers and dates of birth for over 200,000 Florida students from across the state who had applied for scholarships. The data also encompasses payroll and Direct Deposit information for many employees and retirees. In a memo to all employees (PDF) sent out on October 8, Northwest Florida State College President Dr. Ty Handy said that information had been gleaned from multiple files in a folder on the college's main server.

"No one file had a complete set of personal information regarding individuals," Handy wrote. "However, by working between files, the hacker(s) have been able to piece together enough information to be able to engage in the theft of identity of at least 50 employees."

Those employees' identities were used to obtain "pay-day" loans from PayDayMax, Inc. and Discount Advance Loans, as well as to obtain Home Depot credit cards. The loans were set up for payments to be automatically deducted from the victims' bank accounts. The college is still investigating which students' records were exposed.