From the college’s press release today:
Tallahassee Community College, on Friday, announced that an unauthorized acquisition of computerized data that may materially compromise the security, confidentiality, or integrity of personal information occurred in March 2011.
College officials were recently notified of the breach of security by federal officials. The federal investigation resulted in the conviction of a Miami, Fla., man on one count of conspiracy to submit false claims to the Internal Revenue Service, one count of access device fraud, and two counts of aggravated identity theft.
“TCC values the protection of private information, so we take this matter very seriously,” said TCC Chief of Police David Hendry. “We have identified the group of individuals whose information may have been compromised, and we will immediately begin the process of contacting each one.”
According to Hendry, the College believes the breach occurred internally and impacts approximately 3,300 individuals. An investigation into the breach is ongoing.
Beginning Monday, TCC will mail personalized letters to the persons potentially impacted by the data breach. The letters will detail what steps individuals can take to check the security of their identities; TCC will also provide additional resources, including a TCC hotline to provide further information.
If the federal investigation led to a conviction, then the feds clearly knew about this for a while. Why didn’t they inform the college before now? And why didn’t the college discover this breach on their own two years ago? What does the police chief mean that it occurred “internally?” Is he suggesting an employee was implicated in wrongdoing or something else?