PHOENIX (AP) — Private information of millions of current and former students, workers and suppliers at the Maricopa County Community College District was vulnerable to hackers because of security lapses in the district's computer systems that have since been patched, district officials said Wednesday.
The information that was potentially exposed included names, dates of birth, Social Security numbers and bank account information, but not credit card or health information. The district will notify nearly 2.5 million students, suppliers and employees by mail of the potential that their information was compromised and will provide credit monitoring and other services, district spokesman Tom Gariepy said.
The district has no evidence data was actually stolen, but can't prove it was not.
"We just don't know," Gariepy said.
The district has 10 community colleges and about 265,000 students attend classes each year. Including current and former students and staff, the total number of individuals affected is about 2,489,000, Gariepy said.
Chancellor Rufus Glasper apologized for the security lapse.
The FBI notified the district in April that someone was offering to sell its data online, and a months-long probe of the district's computer systems and its processes was launched, Gariepy said. FBI agent and spokesman Manuel Johnson confirmed the agency passed along the tip but said he had no additional information he could release on the case.
The problem was that outsiders were able to remotely access the district's computer system, and a skilled person could review and even download data.
The district is disciplining several information technology employees, Gariepy said.
"We've attributed that lack of security to the failures of certain people with IT responsibilities who did not live up to the expectations that we placed on them," he said.
The district expects to spend about $7 million to notify those affected, staff a call center to handle inquiries and provide credit monitoring and counseling to any affected person who requests those services.