Cyber Incident Victim: Florida Keys Community College
Date: May 2018
Location: United States of America
Summary
Florida Keys Community College experienced a data breach stemming from a phishing campaign that compromised multiple employee email accounts over several months. Unauthorized access to these accounts potentially exposed sensitive personal and medical information, including names, addresses, Social Security numbers, passport details, and login credentials. The institution responded by securing affected accounts, notifying impacted individuals, and offering complimentary identity protection services. Security enhancements such as multi-factor authentication for all email accounts were implemented to prevent future unauthorized access.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Florida Keys Community College discovered suspicious activity involving an employee email account on October 19, 2018, triggering an immediate investigation with third-party forensic experts. The investigation revealed unauthorized access to multiple employee email accounts resulting from a phishing campaign, with compromised credentials enabling intruders to maintain access between May 5, 2018, and November 5, 2018—a six-month intrusion window. Forensic analysts conducted manual and automated reviews of affected accounts to identify exposed sensitive data, completing this assessment by January 7, 2019. During this period, attackers potentially accessed personal information including names, addresses, dates of birth, Social Security numbers, passport details, medical records, and account credentials. The College began notifying impacted individuals after confirming their identities and verifying contact information, though the exact number of affected parties wasn't disclosed in public statements.

Upon confirming the breach scope, the College secured compromised employee accounts and initiated regulatory notifications as required by law. Response measures included establishing a dedicated assistance hotline operational weekdays from 9:00 a.m. to 6:30 p.m. EST and offering 12 months of complimentary identity protection services to victims. Institutional remediation focused on enhancing email security by making multi-factor authentication mandatory across all accounts to prevent future credential-based compromises. The College maintained its Key West, Florida address (5901 College Road) as a contact point for written inquiries regarding the incident. No evidence suggested misuse of exposed data prior to containment, though the extended access period created significant exposure risk for individuals whose sensitive identifiers resided in breached email accounts.
