FBI Investigates as 'Sophisticated Hackers' Illegally Access 125,000 Personal Records of Kirkwood Applicants

Kirkwood Community College officials say hackers broke into the university's website system and accessed a database with applicant's personal information.

The data breach occurred on March 13 and affects applicants to all campuses, which includes locations in Iowa City, the school said.

"Sophisticated hackers, using an international IP address, unlawfully accessed the Kirkwood website on March 13, 2013," the Kirkwood website states. "Specifically, the hackers gained access to archived application information from February 2005 until March 13, 2013 that may have included applicant names, birthdates, race, contact information and social security numbers. No financial data or academic records including grades and financial aid information, etc was stored in this system.

A staff member recognized suspicious activity and the school immediately shut down its website.

KCRG reports that the FBI is involved in the investigation of the security breach that put 125,000 personal records at risk.

"I trusted this school with this information and they failed. They let me down and that's a disappointment,” student Brett Villeneuve told KCRG.

The school is contacting those affected with a letter and will provide identify security and restoration services free of charge, according to the website.

If you did not receive a letter but you believe you applied to take Kirkwood college-credit classes between February 25, 2005 and March 13, 2013, you can contact verify@kirkwood.edu.

Kirkwood officials have worked with law enforcement and an external security services firm to evaluate the breach. They determined personal information was accessed for those applying to take Kirkwood college-credit classes between February 25, 2005 and March 13, 2013. However, they could not determine if the information was taken.

"We were unable to determine if the information was actually stolen or simply accessed," according to the website.

Here are the actions Kirkwood took:

1. The college immediately took down Kirkwood.edu until the suspicious activity could be isolated. This allowed the college to revoke the unauthorized access quickly.
2. The college took action to correct the breach and prevent further unauthorized access to individuals’ personal information.
3. The college notified local and federal law enforcement. Together we were able to identify the international IP address responsible for the attack.
4. The college has engaged a leading firm specializing in data breaches and forensic analysis to assist in the investigation. These steps have helped to fortify the system.
5. The college has communicated with the impacted individuals and offered identity protection and restoration services at no cost to the individual.