Card, mobile credential, payment and security
An accidental disclosure of Eagle ID Card information at Florida Gulf Coast University led to the institution recarding a portion of its campus community. Students, faculty and staff members were initially alerted of the incident on February 8, 2023 and that the file containing information about Eagle ID cards had been created prior to August 25, 2022.
According to a report from student publication, Eagle Media, an unauthorized party disclosed to the university that it had obtained access to a file containing names, University Identification Numbers (UIN), and FGCU-specific Eagle ID card numbers. The breach led to the university reissuing a batch of credentials to those campus community members included in the disclosed document.
The university set up pickup locations in campus residence halls for students. Student impacted by the breach needed to pickup the new ID cards prior to April 3, ahead of transaction capabilities being deactivated on the old cards for Flex Dollars and Eagle Dollars use. Meal swipes, food purchases and campus laundry are also tethered to the FGCU ID card and would not work until the new card is obtained.
A university email detailing the incident stressed that the university is improving its detection capabilities to minimize the risk of a repeat incident, reading in part: "FGCU is deactivating affected card numbers for transactional purposes on Apr. 3, 2023. Existing door/building access will continue to function after deactivation.”
Following the breach, the university printed hundreds of new ID cards for those affected. Students, faculty and staff impacted were required to turn in their old ID card at the time of being issued a new one. The newly issued cards remain unchanged, and feature the holder's full name, headshot, UIN and student card number.
FGCU Business Services has since removed any further potential risk of wrongdoers gaining unauthorized access.
